Police dismantle ransomware group behind attacks in 71 countries


    Karlston


    In cooperation with Europol and Eurojust, law enforcement agencies from seven nations have arrested, in Ukraine, the core members of a ransomware group linked to attacks against organizations in 71 countries.

     

    The cybercriminals paralyzed major corporations' operations in attacks using ransomware such as LockerGoga, MegaCortex, HIVE, and Dharma.

     

    Roles within this criminal network varied significantly: some members breached IT networks, while others reportedly helped launder the cryptocurrency payments made by victims to decrypt their files.

     

    The attackers gained initial access to their targets' networks by stealing user credentials through brute-force and SQL injection attacks, and by sending phishing emails with malicious attachments.

     

    Once inside, they used tools such as the TrickBot malware, Cobalt Strike, and PowerShell Empire to move laterally and compromise further systems before detonating the ransomware payloads they had staged earlier.
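The two paragraphs above describe the intrusion chain only at the level of technique names (credential brute force, then PowerShell-based post-exploitation). The block below is an added illustration, not code from the original article or from any of the investigating agencies, of what the corresponding detection logic looks like on the defender's side. It runs over constructed sample data: a short syslog-like authentication log and a couple of process-creation events whose hostnames, IP addresses, user names, and the base64 blob are all made up for the example. The log format, thresholds, and five-minute window are assumptions, not any vendor's schema.

```python
"""Detection sketch for the credential-attack and PowerShell tradecraft named
in the article: brute force / password spraying in auth logs, and encoded or
Office-spawned PowerShell in process logs. All sample data is constructed."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed, syslog-like authentication events (not real logs).
AUTH_LOG = """\
2023-11-20T10:00:01 FAILED user=alice src=203.0.113.5
2023-11-20T10:00:02 FAILED user=alice src=203.0.113.5
2023-11-20T10:00:03 FAILED user=alice src=203.0.113.5
2023-11-20T10:00:04 FAILED user=alice src=203.0.113.5
2023-11-20T10:00:05 FAILED user=alice src=203.0.113.5
2023-11-20T10:00:06 ACCEPTED user=alice src=203.0.113.5
2023-11-20T10:05:00 FAILED user=bob src=198.51.100.7
2023-11-20T10:05:01 FAILED user=carol src=198.51.100.7
2023-11-20T10:05:02 FAILED user=dave src=198.51.100.7
2023-11-20T10:05:03 FAILED user=erin src=198.51.100.7
2023-11-20T10:05:04 FAILED user=frank src=198.51.100.7
2023-11-20T11:00:00 FAILED user=grace src=192.0.2.9
2023-11-20T11:00:30 ACCEPTED user=grace src=192.0.2.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<result>FAILED|ACCEPTED) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_auth_log(text):
    """Parse the constructed log format into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({
                "ts": datetime.fromisoformat(m["ts"]),
                "ok": m["result"] == "ACCEPTED",
                "user": m["user"],
                "src": m["src"],
            })
    return events


def detect_credential_attacks(events, window=timedelta(minutes=5), threshold=5):
    """Sliding-window check per source address.

    brute_force:    >= threshold failures against one account inside `window`;
                    the alert also records whether that source later logged in
                    as that account (i.e. the guess worked).
    password_spray: >= threshold distinct accounts failed from one source
                    inside `window` (one or two guesses each, to dodge lockout).
    One alert per source, raised on the first window that trips.
    """
    alerts = []
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)

    for src, evs in by_src.items():
        fails = [e for e in evs if not e["ok"]]
        for i, first in enumerate(fails):
            in_win = [e for e in fails[i:] if e["ts"] - first["ts"] <= window]
            per_user = Counter(e["user"] for e in in_win)
            user, n = per_user.most_common(1)[0]
            if n >= threshold:
                compromised = any(
                    e["ok"] and e["user"] == user and e["ts"] >= first["ts"]
                    for e in evs
                )
                alerts.append(("brute_force", src, user, compromised))
                break
            if len(per_user) >= threshold:
                alerts.append(("password_spray", src, None, False))
                break
    return alerts


# Constructed process-creation events: (host, parent image, command line).
PROC_LOG = [
    ("ws01", "WINWORD.EXE",
     "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkA"),
    ("ws02", "explorer.exe",
     "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\inventory.ps1"),
]

# powershell.exe accepts any unambiguous prefix of -EncodedCommand; the argument
# is base64 of a UTF-16LE script, so it is long and limited to the base64 charset.
ENC_RE = re.compile(r"(?i)\s-(?:e|ec|en|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}")
OFFICE_PARENTS = {"WINWORD.EXE", "EXCEL.EXE", "OUTLOOK.EXE", "POWERPNT.EXE"}


def detect_suspicious_powershell(proc_events):
    """Flag PowerShell launches matching common loader / post-exploitation tradecraft."""
    hits = []
    for host, parent, cmd in proc_events:
        reasons = []
        if ENC_RE.search(cmd):
            reasons.append("encoded_command")
        if parent.upper() in OFFICE_PARENTS and "powershell" in cmd.lower():
            reasons.append("office_spawned_powershell")
        if reasons:
            hits.append((host, reasons))
    return hits


if __name__ == "__main__":
    for alert in detect_credential_attacks(parse_auth_log(AUTH_LOG)):
        print("auth:", alert)
    for hit in detect_suspicious_powershell(PROC_LOG):
        print("proc:", hit)
```

The brute-force rule deliberately ties the alert to a subsequent successful login from the same source, because that is the event worth paging on; the spray rule catches the low-and-slow variant (few guesses per account, many accounts) that a per-account lockout threshold never sees. On real telemetry the parser and the parent-process field are whatever your log pipeline or EDR actually emits.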

     

    The investigation unveiled that this organized group of ransomware affiliates encrypted more than 250 servers of major corporations, leading to losses exceeding several hundred million euros.

     

    Ransomware gang arrests in Ukraine

    On November 21st, coordinated raids at 30 locations in Kyiv, Cherkasy, Rivne, and Vinnytsia resulted in the arrest of the group's 32-year-old mastermind and the capture of four accomplices.

     

    Over 20 investigators from Norway, France, Germany, and the United States helped the Ukrainian National Police with the investigation in Kyiv. Europol also set up a virtual command center in the Netherlands to process the data seized during the house searches.

     

    "With the support of the TOR special unit, law enforcement officers conducted more than 30 authorized searches in the premises and cars of the suspects in Kyiv region, as well as in Cherkasy, Rivne, and Vinnytsia regions," the National Police of Ukraine's Department of Cyber Police said today [automated translation].

     

    "Computer equipment, cars, bank and SIM cards, 'draft' records, as well as dozens of electronic media and other evidence of illegal activities were seized. In particular, almost 4 million hryvnias and cryptocurrency assets."

     

    This operation follows earlier arrests in 2021 under the same law enforcement action, when police detained 12 other suspects believed to be part of the same ransomware group, which has been linked to attacks against 1,800 victims in 71 countries.

     

    As the investigation revealed two years ago, the attackers deployed LockerGoga, MegaCortex, and Dharma ransomware. They also used malware like Trickbot and post-exploitation tools such as Cobalt Strike in their attacks.

     

    Subsequent efforts at Europol and in Norway focused on analyzing data on devices seized in Ukraine in 2021 and helped identify additional suspects arrested one week ago in Kyiv.

     

    The forensic analysis also allowed Swiss authorities to develop decryption tools for the LockerGoga and MegaCortex ransomware variants in collaboration with No More Ransom partners and Bitdefender.

     

    This international police action was initiated by French authorities in September 2019. It focuses on locating threat actors in Ukraine and bringing them to justice through a joint investigation team (JIT) comprising Norway, France, the United Kingdom, and Ukraine, with financial support from Eurojust and in collaboration with Dutch, German, Swiss, and U.S. authorities.

     

    The list of participating law enforcement agencies includes:

     

    • Norway: National Criminal Investigation Service (Kripos)
    • France: Public Prosecutor’s Office of Paris, National Police (Police Nationale - OCLCTIC)
    • Netherlands: National Police (Politie), National Public Prosecution Service (Landelijk Parket, Openbaar Ministerie)
    • Ukraine: Prosecutor General’s Office (Офіс Генерального прокурора), National Police of Ukraine (Національна поліція України)
    • Germany: Public Prosecutor’s Office of Stuttgart, Police Headquarters Reutlingen (Polizeipräsidium Reutlingen) CID Esslingen
    • Switzerland: Swiss Federal Office of Police (fedpol), Polizei Basel-Landschaft, Public Prosecutor's Office of the canton of Zurich, Zurich Cantonal Police
    • United States: United States Secret Service (USSS), Federal Bureau of Investigation (FBI) 
    • Europol: European Cybercrime Centre (EC3)
    • Eurojust

     
