Ukrainian police arrested a 25-year-old Ukrainian national who was part of a hacker group that allegedly carried out multiple ransomware attacks against large industrial entities in Europe and the US, along with one of his affiliates, who was responsible for the money laundering.
The operation was carried out on September 28, 2018, by law enforcement officers from the French National Gendarmerie, the Ukrainian National Police, and the U.S. Federal Bureau of Investigation (FBI), with participation from Europol's European Cybercrime Centre and INTERPOL's Cyber Fusion Centre.
“The criminals would deploy malware and steal sensitive data from these companies, before encrypting their files,” Europol said in a press statement on Monday. “They would then proceed to offer a decryption key in return for a ransom payment of several millions of euros, threatening to leak the stolen data on the dark web should their demands not be met.”
The operation led to the arrest of two individuals and the seizure of over $375,000 in cash, freezing of cryptocurrency assets worth $1.3 million, and seizure of several luxury vehicles.
Authorities haven't said which ransomware group the two arrested individuals were involved with, but the suspects were reportedly part of a large ransomware gang that staged a series of attacks against more than 100 different companies, causing upwards of $150 million in damages, according to the Ukrainian police. They were also involved in extortion schemes and demanded hefty ransoms ranging from €5 million to €70 million.
One of the suspects deployed a “virus software” after infiltrating networks via remote working programs (VPN) and through social engineering campaigns by sending spam to corporate email inboxes.
A few months ago, Ukrainian authorities arrested members of the Clop ransomware gang, which has carried out attacks globally since 2019. The group was responsible for numerous infections.
Image: the Ukrainian National Police