International investigators said on Monday they had arrested seven people in global raids targeting cyber criminals behind ransomware attacks worth more than half a million euros.
The arrests were linked to the Russian-based hacker group REvil, also known as Sodinokibi, and the ransomware group GandCrab, the EU police agency Europol said in a statement.
Two people were arrested last Thursday in Romania and another in Kuwait, while three were held South Korea and one in an unspecified European country during the months-long operation dubbed "GoldDust".
The global police body Interpol and EU judicial agency Eurojust were also involved in the operation, which involved a total of 17 countries, it said.
"Suspected of about 7,000 infections, the arrested affiliates asked for more than 200 million euros in ransom," the Europol statement said.
The two Romanians alone were responsible for around 5,000 infections which pocketed around half a million euros, it added.
"All these arrests follow the joint international law enforcement efforts of identification, wiretapping and seizure of some of the infrastructure used by Sodinokibi/REvil ransomware family," it said.
Ransomware is an increasingly lucrative form of digital hostage-taking in which hackers encrypt victims' data and then demand money for restored access.
REvil, a group of Russian-speaking hackers, are prolific perpetrators blamed for a series of high-profile cyberattacks. It is said to be a successor organisation of GandCrab.
But questions about its fate emerged in July when REvil's "dark web" page disappeared two weeks after an attack which crippled hundreds of companies worldwide.
The shutdown sparked speculation about whether the move was the result of government-led action.