In cooperation with Europol and Eurojust, law enforcement agencies from seven countries have arrested in Ukraine the core members of a ransomware group linked to attacks against organizations in 71 countries.
The cybercriminals paralyzed major corporations’ operations in attacks using ransomware such as LockerGoga, MegaCortex, HIVE, and Dharma.
Roles within this criminal network varied significantly: some members breached IT networks, while others reportedly helped launder the cryptocurrency payments made by victims to decrypt their files.
The attackers gained access to their targets’ networks by stealing user credentials in brute-force and SQL injection attacks, as well as by using phishing emails with malicious attachments.
Once in, they used tools like TrickBot malware, Cobalt Strike, and PowerShell Empire to move laterally and compromise other systems before triggering previously deployed ransomware payloads.
The investigation revealed that this organized group of ransomware affiliates encrypted more than 250 servers of major corporations, leading to losses exceeding several hundred million euros.
Ransomware gang arrests in Ukraine
On November 21, coordinated raids at 30 locations in Kyiv, Cherkasy, Rivne, and Vinnytsia resulted in the arrest of the group’s 32-year-old mastermind and the capture of four accomplices.
Over 20 investigators from Norway, France, Germany, and the United States helped the Ukrainian National Police with the investigation in Kyiv. Europol also set up a virtual command center in the Netherlands to process the data seized during the house searches.
This operation follows other arrests in 2021 as part of the same law enforcement action, when police detained 12 individuals linked to ransomware attacks against 1,800 victims in 71 countries.
As the investigation revealed two years ago, the attackers deployed LockerGoga, MegaCortex, and Dharma ransomware. They also used malware like TrickBot and post-exploitation tools such as Cobalt Strike in their attacks.
Subsequent efforts at Europol and in Norway focused on analyzing data on devices seized in Ukraine in 2021 and helped identify additional suspects arrested one week ago in Kyiv.
This international police action was initiated by French authorities in September 2019 and focuses on locating threat actors in Ukraine and bringing them to justice. It relies on a joint investigation team (JIT) comprising Norway, France, the UK, and Ukraine, with financial support from Eurojust and in collaboration with Dutch, German, Swiss, and U.S. authorities.
The list of participating law enforcement agencies includes:
- Norway: National Criminal Investigation Service (Kripos)
- France: Public Prosecutor’s Office of Paris, National Police (Police Nationale – OCLCTIC)
- Netherlands: National Police (Politie), National Public Prosecution Service (Landelijk Parket, Openbaar Ministerie)
- Ukraine: Prosecutor General’s Office (Офіс Генерального прокурора), National Police of Ukraine (Національна поліція України)
- Germany: Public Prosecutor’s Office of Stuttgart, Police Headquarters Reutlingen (Polizeipräsidium Reutlingen) CID Esslingen
- Switzerland: Swiss Federal Office of Police (fedpol), Polizei Basel-Landschaft, Public Prosecutor’s Office of the canton of Zurich, Zurich Cantonal Police
- United States: United States Secret Service (USSS), Federal Bureau of Investigation (FBI)
- Europol: European Cybercrime Centre (EC3)
- Eurojust