Europol Arrests Hackers Allegedly Behind String Of Ransomware Attacks


Europol, in collaboration with international law enforcement partners, has made significant progress in the fight against ransomware attacks by arresting five individuals suspected of being involved in a series of cybercrimes that affected more than 1,800 victims worldwide. The arrests were carried out following a series of raids at 30 locations in Ukraine last week, resulting in the capture of the criminal gang’s ringleader and four of his most active accomplices. The suspects’ identities have not been disclosed.

Key Takeaway

Europol and its international partners have arrested five individuals involved in a series of ransomware attacks that targeted over 1,800 victims globally. The arrests were the result of a coordinated effort between law enforcement agencies from Ukraine, Norway, France, Germany, and the United States. The hackers, accused of extorting millions of euros from their victims, employed various tactics, including brute-force attacks, stolen credentials, and sophisticated malware. Europol’s investigation has also led to the development of decryption tools that allow victims to recover their files without paying a ransom.

Collaborative Efforts Lead to the Arrests

The Ukrainian National Police, with the assistance of over 20 investigators from Norway, France, Germany, and the United States, conducted the investigation in Kyiv. To support the operation, Europol established a virtual command center in the Netherlands to process the data seized during the searches. The cooperation between these agencies has been instrumental in bringing the hackers to justice.

During the raids, law enforcement officials successfully seized computer equipment, bank and phone SIM cards, vehicles, and numerous items of electronic media. Additionally, significant amounts of cryptocurrency, totaling nearly four million hryvnias (approximately $110,000), were confiscated, along with other evidence linking the suspects to illegal activities.

The Extent of the Criminal Network

The recent arrests are the culmination of a long-standing investigation that began several years ago. In 2021 alone, 12 individuals were apprehended in joint operations carried out in Ukraine and Switzerland. As a result of these earlier actions, Europol was able to identify the suspects targeted in the recently executed operation in Kyiv.

The five individuals arrested last week are accused of encrypting the servers of large corporations, affecting more than 250 networks, and extorting several hundred million euros from their victims. The cybercriminals employed various tactics, such as brute-force attacks, stolen credentials, and sophisticated malware like Trickbot, to breach the networks. They also played roles in laundering cryptocurrency payments made by victims to regain access to their stolen files.

Havoc Wreaked by the Hackers

Europol has accused the arrested individuals of causing significant damage to targeted organizations. Among the ransomware variants used by the group was LockerGoga, the same malware that was employed in the well-known cyberattack against Norwegian aluminum processor Norsk Hydro in March 2019. Other ransomware strains deployed by the hackers include MegaCortex, Hive, and Dharma.

It is worth noting that Europol’s investigation into this criminal organization has led to the development of decryption tools by the Swiss authorities, Bitdefender, and the European Union’s No More Ransom project. These tools enable victims to recover their compromised files without having to pay a ransom, providing a significant breakthrough in combating ransomware attacks.
