Europol and its international law enforcement partners have arrested five people whom authorities accuse of involvement in a series of ransomware attacks affecting more than 1,800 victims worldwide.
Those arrested, including the gang leader, 32, and four of his “most active” accomplices, were caught after a series of raids on 30 properties across Ukraine last week, Europol said in a statement on Tuesday. The suspects were not named.
More than 20 investigators from Norway, France, Germany and the United States assisted the Ukrainian National Police in the investigation in Kiev, while Europol also set up a virtual command center in the Netherlands to process data seized during the investigations.


A person has been arrested who is accused of participating in a series of ransomware attacks. Image Credits: Europol.
According to a separate announcement from Ukraine’s cyber police, law enforcement officials seized computer equipment, cars, bank and phone SIM cards, and dozens of electronic media.
Police also seized cryptocurrency assets, including nearly four million in the national currency (about $110,000), and other alleged evidence of illegal activities.
The arrests are the latest in a multi-year investigation in which 12 people were arrested in 2021 in raids in Ukraine and Switzerland. Europol said in a statement on Tuesday that its previous actions “facilitated the identification of the suspects targeted during last week’s operation in Kyiv”.
The five people arrested last week are accused of encrypting more than 250 servers belonging to major companies and successfully extorting “several hundreds of millions of euros” from their victims.
The perpetrators are believed to have played different roles in the criminal network: some used brute force attacks and stole credentials to break into a victim’s network; some used malware such as Trickbot to remain undetected and gain further access; and others are suspected of overseeing the laundering of cryptocurrency payments made by victims to regain access to their stolen files.
Europol accused the hackers of “wreaking havoc” on targeted organisations. One of the ransomware variants used by the group was LockerGoga, the same type of malware used in the cyberattack against Norwegian aluminum processor Norsk Hydro in March 2019. The attackers also developed MegaCortex, Hive and Dharma ransomware, according to Europol’s announcement.
Europol’s investigation into this criminal organization also allowed Swiss authorities, in collaboration with Bitdefender and the European Union’s No More Ransom project, to develop decryption tools for the LockerGoga and MegaCortex ransomware variants. These tools allow victims to recover their stolen files without having to pay a ransom.
