Ransomware gang dismantled by Europol after string of raids across Ukraine
An international team of law enforcement agents, led by Europol, has arrested five individuals allegedly involved in multiple ransomware attacks.
As part of the arrests, police also raided multiple properties and seized computers, cars, bank cards, SIM cards, various electronic media and approximately $110,000 worth of cryptocurrencies.
According to TechCrunch, those arrested were part of a cyber gang carrying out attacks from Ukraine, with the group’s leader (32) also arrested during the raids.
Years of research
While neither the group nor the individuals were named, police did state that they used LockerGoga, MegaCortex, Hive and Dharma ransomware variants, with more than 1,800 people affected by the attacks worldwide.
Police accuse them of encrypting more than 250 servers of major companies and extorting “several hundreds of millions of euros” from their victims.
More than 20 officers were involved in the investigation, including those in Norway, France, Germany, the United States and Ukraine – where the arrests took place.
According to Europol, the arrests were a continuation of a 2021 investigation that resulted in the arrest of twelve individuals in Ukraine and Switzerland, with these arrests directly contributing to the discovery of the individuals arrested in Ukraine.
Ransomware is currently one of the most disruptive forms of cybercrime out there. The majority of SMBs and large enterprises have experienced a ransomware attack in recent years or expect to experience one in the coming months.
In the attack, the threat actors would first sneak past the company’s defenses (via stolen or leaked credentials, malware dropped through a zero-day vulnerability in various hardware and software, or similar), map the endpoints on the network to take, and scan for cloud services.
They would then exfiltrate sensitive data and deploy an encryptor that would lock the company out of all its digital assets. Finally, the threat actors would demand payment in cryptocurrency in exchange for the decryption key and for not leaking the stolen data.