European cyber police, working with Europol, have arrested a 32-year-old man, who is the alleged ringleader, and four suspected hackers in Ukraine as part of a big crackdown on ransomware operations.
The arrests are part of a global ransomware crackdown. The ransomware gang, accused of successfully extorting "several hundred million euros," targeted victims across 71 countries, according to the BBC.
The ransomware gang arrests were carried out through a coordinated effort, with law enforcement authorities conducting raids across Ukraine.
During these operations, laptops were seized, and the suspects were apprehended. The arrested individuals are believed to be responsible for a series of high-profile ransomware attacks that significantly impacted large corporations across various sectors.
Ransomware, a form of malicious software that encrypts systems and demands a ransom—usually in cryptocurrency—for the release of the data, has become a pervasive threat. The individuals under investigation are accused of deploying multiple ransomware variants, including LockerGoga, MegaCortex, HIVE, and Dharma, to carry out their attacks.
π Int'l collaboration leads to the dismantlement of ransomware group in πΊπ¦ amidst ongoing war.
β οΈ The unprecedented effort brought law enforcement & judicial authorities from 7 countries together with Europol & @Eurojust to apprehend key players.
β‘οΈ https://t.co/U07E85aaKm pic.twitter.com/trFzZNeozz— Europol (@Europol) November 28, 2023
Long-Term Investigation Led to Bust of Notorious Hacker Group
The suspects played diverse roles within the criminal organization, according to Europol's media release. Some were involved in compromising IT networks through techniques like brute-force attacks and phishing, while others focused on laundering cryptocurrency payments made by victims to regain access to their files.
Europol, spearheading the operation, highlighted the gang's use of sophisticated tactics to remain undetected within compromised networks. The perpetrators utilized tools like TrickBot malware, Cobalt Strike, and PowerShell Empire to gain additional access before triggering ransomware attacks.
This development builds on a years-long investigation that saw 12 individuals arrested in 2021 in raids conducted in Ukraine and Switzerland. The information gathered during these earlier actions made the arrests last week possible, per TechCrunch.
According to a media release, Europol emphasized the devastating impact of the hackers on targeted organizations, citing the havoc wrought by ransomware variants like LockerGoga, previously used in the 2019 cyberattack against Norsk Hydro.
The investigation also enabled Swiss authorities, in collaboration with Bitdefender and the European Union's No More Ransom project, to develop decryption tools for LockerGoga and MegaCortex ransomware, providing victims with a means to recover their files without paying a ransom.
Read Also: Foxconn's $1.5 Billion Investment in India to Align with Apple's Supply Chain Goals
Law Enforcement Boost Global Anti-Ransomware Campaign
As law enforcement agencies globally intensify efforts to combat ransomware, these arrests mark a significant milestone in disrupting cybercriminal networks responsible for large-scale attacks on businesses and organizations.
The ongoing challenge, however, lies in addressing the evolving tactics employed by these cyber actors and ensuring the security of digital infrastructure worldwide.
Ransomware continues to pose a severe threat, with criminal enterprises frequently adapting their methods to exploit vulnerabilities in cybersecurity defenses. The arrested individuals are part of a network that employs sophisticated strategies, not only encrypting data but also disrupting critical operations of large corporations.
Europol stressed the need for a global response to ransomware attacks. While the dismantling of this ransomware operation is a significant achievement, cybersecurity experts emphasize the importance of ongoing vigilance and continuous improvement in defense mechanisms.
Cybercriminals are known to adapt quickly to security measures, necessitating a dynamic and proactive approach to cybersecurity.
The British Library revealed in recent weeks that fraudsters have disrupted internet services on its IT systems. Subsequently, the US Cyber Security and Infrastructure Agency (CISA) warned of a fresh wave of ransomware assaults targeting a common software weakness.
Related Article: Google Drive Glitch Erases Months of Data, Affected Users Desperate for File Recovery: Report
