In cooperation with Europol and Eurojust, law enforcement agencies from seven countries have arrested in Ukraine the core members of a ransomware group linked to attacks against organizations in 71 countries.
The cybercriminals paralyzed major corporations’ operations in attacks using ransomware such as LockerGoga, MegaCortex, HIVE, and Dharma.
Roles within this criminal network varied significantly: some members breached IT networks, while others reportedly helped launder the cryptocurrency payments made by victims to decrypt their files.
The attackers gained access to their targets’ networks by stealing user credentials in brute force and SQL injection attacks, as well as using phishing emails with malicious attachments.
Once in, they used tools like TrickBot malware, Cobalt Strike, and PowerShell Empire to move laterally and compromise other systems before triggering previously deployed ransomware payloads.
The investigation revealed that this organized group of ransomware affiliates encrypted more than 250 servers of major corporations, resulting in losses exceeding several hundred million euros.
Ransomware gang arrests in Ukraine
On November 21, coordinated raids at 30 locations in Kyiv, Cherkasy, Rivne, and Vinnytsia resulted in the arrest of the group’s 32-year-old mastermind and the capture of four accomplices.
Over 20 investigators from Norway, France, Germany, and the United States helped the Ukrainian National Police with the investigation in Kyiv. Europol also set up a virtual command center in the Netherlands to process the data seized during the house searches.
This operation follows other arrests in 2021 as part of the same law enforcement action, when police detained 12 individuals linked to ransomware attacks against 1,800 victims in 71 countries.
As the investigation revealed two years ago, the attackers deployed LockerGoga, MegaCortex, and Dharma ransomware. They also used malware like TrickBot and post-exploitation tools such as Cobalt Strike in their attacks.
Subsequent efforts at Europol and in Norway focused on analyzing data on devices seized in Ukraine in 2021 and helped identify additional suspects arrested one week ago in Kyiv.
This international police action was initiated by French authorities in September 2019 and focuses on locating threat actors in Ukraine and bringing them to justice with the help of a joint investigation team (JIT) comprising Norway, France, the UK, and Ukraine, with financial support from Eurojust and in collaboration with Dutch, German, Swiss, and U.S. authorities.
The list of participating law enforcement agencies includes:
- Norway: National Criminal Investigation Service (Kripos)
- France: Public Prosecutor’s Office of Paris, National Police (Police Nationale – OCLCTIC)
- Netherlands: National Police (Politie), National Public Prosecution Service (Landelijk Parket, Openbaar Ministerie)
- Ukraine: Prosecutor General’s Office (Офіс Генерального прокурора), National Police of Ukraine (Національна поліція України)
- Germany: Public Prosecutor’s Office of Stuttgart, Police Headquarters Reutlingen (Polizeipräsidium Reutlingen) CID Esslingen
- Switzerland: Swiss Federal Office of Police (fedpol), Polizei Basel-Landschaft, Public Prosecutor’s Office of the canton of Zurich, Zurich Cantonal Police
- United States: United States Secret Service (USSS), Federal Bureau of Investigation (FBI)
- Europol: European Cybercrime Centre (EC3)
- Eurojust