WASHINGTON – Multiple law enforcement officials announced on Nov. 8 that five people were arrested for their alleged involvement with ransomware group REvil which was linked to the cybersecurity attack on JBS SA in June.

Europol first reported that two people were arrested in Romania on Nov. 4. The two were tied to the attack and three other suspects were detained earlier this year.

The two latest suspects were charged with 5,000 hacks resulting in ransoms paid that totaled about 500,000 Euros ($579,000).

Following the ransomware attack, JBS agreed to pay $11 million in ransom after the company’s North American and Australian servers were breached.

During June, US law enforcement officials said REvil and Sodinokibi were behind the JBS attack.

The operation carried out by law enforcement, named GoldDust, involved 17 countries, including the United States. Arrests after the operations included REvil infrastructure and wiretapped suspects.

Following the arrests in Romania, the US Department of Justice and the FBI announced that it seized roughly $6 million in ransom payments and arrested Yaroslav Vasinskyi last month in Poland. He will face charges of deploying REvil. Vasinksyi’s charges are tied to his ransomware attack on software firm Kaseya in July that infected 1,500 businesses worldwide. Kaseya did not pay a ransom. 

“Cybercrime is a serious threat to our country: to our personal safety, to the health of our economy, and to our national security,” said Attorney General Merrick Garland at press conference. “Our message today is clear. The United States, together with our allies, will do everything in our power to identify the perpetrators of ransomware attacks, to bring them to justice, and to recover the funds they have stolen from their victims.”