In cooperation with Europol and Eurojust, legislation enforcement businesses from seven nations have arrested in Ukraine the core members of a ransomware group linked to assaults towards organizations in 71 nations.
The cybercriminals paralyzed main companies’ operations in assaults utilizing ransomware similar to LockerGoga, MegaCortex, HIVE, and Dharma.
Roles inside this legal community different considerably: some members breached IT networks, whereas others reportedly helped launder the cryptocurrency funds made by victims to decrypt their information.
The attackers gained entry to their targets’ networks by stealing consumer credentials in brute drive and SQL injection assaults, in addition to utilizing phishing emails with malicious attachments.
As soon as in, they used instruments like TrickBot malware, Cobalt Strike, and PowerShell Empire to maneuver laterally and compromise different techniques earlier than triggering beforehand deployed ransomware payloads.
The investigation unveiled that this organized group of ransomware associates encrypted greater than 250 servers of main companies, resulting in losses exceeding a number of hundred million euros.
Ransomware gang arrests in Ukraine
On November twenty first, coordinated raids at 30 places in Kyiv, Cherkasy, Rivne, and Vinnytsia resulted within the arrest of the group’s 32-year-old mastermind and the seize of 4 accomplices.
Over 20 investigators from Norway, France, Germany, and the USA helped the Ukrainian Nationwide Police with the investigation in Kyiv. Europol additionally arrange a digital command middle within the Netherlands to course of the information seized throughout the home searches.
This operation follows different arrests in 2021 as a part of the identical legislation enforcement motion when police detained 12 people linked to ransomware assaults towards 1,800 victims in 71 nations.
Because the investigation revealed two years in the past, the attackers deployed LockerGoga, MegaCortex, and Dharma ransomware. Additionally they used malware like Trickbot and post-exploitation instruments similar to Cobalt Strike of their assaults.
Subsequent efforts at Europol and in Norway targeted on analyzing information on units seized in Ukraine in 2021 and helped determine further suspects arrested one week in the past in Kyiv.
This worldwide police motion was initiated by French authorities in September 2019 and focuses on finding menace actors in Ukraine and bringing them to justice with the assistance of a joint investigation staff (JIT) comprising Norway, France, the UK, and Ukraine, with monetary assist from Eurojust and collaborating with Dutch, German, Swiss, and U.S. authorities.
The listing of taking part legislation enforcement businesses consists of:
- Norway: Nationwide Felony Investigation Service (Kripos)
- France: Public Prosecutor’s Workplace of Paris, Nationwide Police (Police Nationale – OCLCTIC)
- Netherlands: Nationwide Police (Politie), Nationwide Public Prosecution Service (Landelijk Parket, Openbaar Ministerie)
- Ukraine: Prosecutor Normal’s Workplace (Офіс Генерального прокурора), Nationwide Police of Ukraine (Національна поліція України)
- Germany: Public Prosecutor’s Workplace of Stuttgart, Police Headquarters Reutlingen (Polizeipräsidium Reutlingen) CID Esslingen
- Switzerland: Swiss Federal Workplace of Police (fedpol), Polizei Basel-Landschaft, Public Prosecutor’s Workplace of the canton of Zurich, Zurich Cantonal Police
- United States: United States Secret Service (USSS), Federal Bureau of Investigation (FBI)
- Europol: European Cybercrime Centre (EC3)
- Eurojust
