
International investigation leads to dismantlement of Ukrainian ransomware ring: Europol

Authorities suspect ring is behind attacks against large corporations in 71 countries

Giovanni Legorano | 28.11.2023 - Update: 28.11.2023

ROME

A major international investigation helped dismantle a Ukrainian criminal ring involved in tens of significant ransomware attacks, Europol said Tuesday.

The operation, which included Ukrainian, French, Dutch, German, Norwegian, Swiss, and US authorities, led to the arrest of the 32-year-old ringleader and four of his most active accomplices. Investigators also searched properties in the regions of Kyiv, Cherkasy, Rivne, and Vinnytsia.

The individuals are accused of being responsible for a series of high-profile ransomware attacks against organizations in 71 countries, causing losses worth hundreds of millions of euros, Europol said.

In particular, investigators believe the perpetrators encrypted over 250 servers belonging to large corporations across the world, effectively bringing their businesses to a standstill.

They deployed LockerGoga, MegaCortex, HIVE, and Dharma ransomware, among others, to carry out their attacks.

The suspects had different roles in this criminal organization, according to the investigators.

Some of them are thought to be involved in compromising the IT networks of their targets, while others are suspected of being in charge of laundering cryptocurrency payments made by victims to decrypt their files.

“Those responsible for breaking into networks did so through techniques including brute force attacks, SQL injections and sending phishing emails with malicious attachments in order to steal usernames and passwords,” Europol said.

Once inside the networks, the attackers remained undetected and gained additional access using tools including TrickBot malware, Cobalt Strike, and PowerShell Empire, in order to compromise as many systems as possible before triggering ransomware attacks, Europol added.

This latest action follows a first round of arrests in 2021 in the framework of the same investigation.

Since then, a number of operational sprints have been organized at Europol and in Norway with the aim of forensically analyzing the devices seized in Ukraine in 2021.

“This forensic follow-up work facilitated the identification of the suspects targeted during the action last week in Kyiv,” Europol said.
