A well-coordinated law enforcement operation has resulted in the apprehension of key individuals in Ukraine suspected to be involved in multiple ransomware schemes.

Europol announced a few hours ago that, on 21 November, a total of 30 properties were searched across the regions of Kyiv, Cherkasy, Rivne, and Vinnytsia. The searches led to the arrest of a 32-year-old ringleader and the detention of four of his most active accomplices. This comes more than two years after 12 individuals linked to the same operation were apprehended. The implicated individuals are primarily associated with the LockerGoga, MegaCortex, and Dharma ransomware families.

The suspects are estimated to have targeted over 1,800 victims in 71 countries since 2019. They are additionally accused of deploying the now-defunct Hive ransomware against high-profile organizations.

According to the investigation, some members of the group handled initial access: brute-force attacks against exposed services, SQL injection, and phishing emails carrying malicious attachments. These methods were used to steal usernames and passwords and gain unauthorized access to IT networks.

Once inside, the attackers moved laterally through the compromised networks, deploying additional malware and post-exploitation tooling, including TrickBot, Cobalt Strike, and PowerShell Empire, before finally delivering the file-encrypting payload.
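The brute-force initial access described above leaves a recognisable trace in authentication logs: a burst of failed logins from one source followed shortly by a successful one. The following detector is an added example written for this page, not code from Europol or from the article; the OpenSSH-style log format, the sample lines, the source addresses and the threshold/window values are all constructed for illustration and are assumptions rather than published indicators from the case.

```python
"""Detect a successful login preceded by a burst of failures from the same
source IP, the classic brute-force-then-access pattern.

Added example for this article; not Europol's or the article's own code.
Log format, sample lines, addresses and thresholds are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an OpenSSH-like syslog format (assumed format).
SAMPLE_LOG = """\
Nov 21 03:14:01 host sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Nov 21 03:14:03 host sshd[2202]: Failed password for invalid user test from 203.0.113.7 port 51023 ssh2
Nov 21 03:14:05 host sshd[2203]: Failed password for root from 203.0.113.7 port 51024 ssh2
Nov 21 03:14:07 host sshd[2204]: Failed password for root from 203.0.113.7 port 51025 ssh2
Nov 21 03:14:09 host sshd[2205]: Failed password for backup from 203.0.113.7 port 51026 ssh2
Nov 21 03:14:12 host sshd[2206]: Accepted password for backup from 203.0.113.7 port 51027 ssh2
Nov 21 08:02:44 host sshd[3100]: Failed password for alice from 198.51.100.9 port 40211 ssh2
Nov 21 08:02:51 host sshd[3101]: Accepted password for alice from 198.51.100.9 port 40212 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse(line, year=2023):
    """Return (timestamp, result, user, ip) for a matching line, else None.
    Syslog lines carry no year, so one is assumed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def detect_bruteforce_success(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return (ip, user, failure_count) for every accepted login that was
    preceded by at least `threshold` failures from the same IP within `window`.
    Lines are assumed to be in chronological order."""
    failures = defaultdict(list)  # ip -> timestamps of recent failures
    hits = []
    for line in log_text.splitlines():
        parsed = parse(line)
        if parsed is None:
            continue
        ts, result, user, ip = parsed
        # Expire failures that fell out of the sliding window.
        failures[ip] = [t for t in failures[ip] if ts - t <= window]
        if result == "Failed":
            failures[ip].append(ts)
        elif len(failures[ip]) >= threshold:
            hits.append((ip, user, len(failures[ip])))
            failures[ip].clear()  # report each burst once
    return hits


if __name__ == "__main__":
    for ip, user, count in detect_bruteforce_success(SAMPLE_LOG):
        print(f"ALERT: {ip} logged in as {user} after {count} failures")
```

The single-failure login from 198.51.100.9 is ignored, while the five-failure burst from 203.0.113.7 ending in an accepted login for `backup` is flagged. In practice the threshold and window should be tuned to the environment, and the same logic applies to RDP, VPN and web-application logins once the parser is swapped.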

Other members of the network are suspected of laundering the cryptocurrency ransom payments made by victims seeking to decrypt their files. Europol stated that the perpetrators encrypted over 250 servers belonging to large corporations, causing losses of several hundred million euros.

The collaborative effort involved law enforcement authorities from France, Germany, the Netherlands, Norway, Switzerland, Ukraine, and the United States.

This announcement comes less than two weeks after Europol and Eurojust reported the dismantling of a prolific voice phishing gang by Czech and Ukrainian police. That gang is believed to have made millions in illegal profits by deceiving victims into transferring funds from their supposedly "compromised" bank accounts to "safe" accounts under the gang's control. It also follows Europol's disclosure a month earlier that law enforcement agencies from eleven countries had dismantled infrastructure linked to the Ragnar Locker ransomware and arrested a key individual in France.
