Five hackers linked to ransomware group REvil and responsible for thousands of cyberattacks have been arrested since February, European Union’s law enforcement agency Europol said on Monday.

The arrests of the suspects, including two on Nov. 4 by Romanian authorities, were part of Operation GoldDust that involved Europol, Eurojust and Interpol, it said.

The suspects have allegedly extorted an estimated 500 million euros ($577.70 million) from companies for restoring their computer systems after hacking them.

Last month, Reuters had exclusively reported that the group REvil was itself hacked and forced offline by a multi-country operation, according to three private sector cyber experts working with the United States and one former official.

Former partners and associates of Russian-led criminal gang REvil, or “Ransomware-Evil,” were the ones responsible for a May cyberattack on the Colonial Pipeline that led to widespread gas shortages on the U.S. East Coast. REvil’s direct victims include top meatpacker JBS.

Operation GoldDust, to which 17 countries including the United States, the UK, France, Australia and Germany are party to, was created based on investigations targeting a prolific old ransomware strain GandCrab, which is seen as the predecessor of REvil.

($1 = 0.8655 euros)