Law enforcement agencies from seven nations, in cooperation with Europol and Eurojust, have arrested in Ukraine the core members of a ransomware group linked to attacks against organizations in 71 countries.
Five individuals, including the suspected ringleader of a prolific ransomware affiliate believed to have made hundreds of millions of dollars from cyber-attacks, were arrested.
On November 21st, coordinated raids at 30 locations in Kyiv, Cherkasy, Rivne, and Vinnytsia resulted in the arrest of the group’s 32-year-old mastermind and the capture of four accomplices.
Some members of the gang breached IT networks, while others reportedly helped launder the cryptocurrency payments made by victims to decrypt their files.
The cybercriminals attacked major organizations’ operations using ransomware such as LockerGoga, MegaCortex, HIVE, and Dharma.
The attackers gained access to their targets’ networks by stealing user credentials through brute force and SQL injection attacks, as well as using phishing emails with malicious attachments.
After gaining access, they used tools like TrickBot malware, Cobalt Strike, and PowerShell Empire to move laterally and compromise other systems before triggering previously deployed ransomware payloads.
The investigation revealed that this organized group of ransomware affiliates encrypted more than 250 servers of major corporations, leading to losses exceeding several hundred million euros.
Over 20 investigators from Norway, France, Germany, and the United States helped the Ukrainian National Police with the investigation in Kyiv. Europol also set up a virtual command center in the Netherlands to process the data seized during the house searches.
Computer equipment, cars, bank and SIM cards, ‘draft’ records, as well as dozens of electronic media and other evidence of illegal activities were seized. In particular, almost 4 million hryvnias and cryptocurrency assets were seized.