Eng
Esp

Copyright © 2024 Euromaidanpress.com

The work of Euromaidan Press is supported by the International Renaissance Foundation

When referencing our materials, please include an active hyperlink to the Euromaidan Press material and a maximum 500-character extract of the story. To reprint anything longer, written permission must be acquired from [email protected].

Privacy and Cookie Policies.

Europol: Key ransomware suspects arrested in Ukraine

Europol leads an international operation that successfully dismantles a Ukrainian ransomware group, causing substantial global financial losses.
byYuri Zoria
28/11/2023
2 minute read
International law enforcers during the searches in Ukraine at a property of a suspect, believed to be a ransomware gang member. Photo: europol.europa.eu
Europol: Key ransomware suspects arrested in Ukraine

On 28 November, Europol reported that law enforcement agencies from seven countries had arrested the ringleader and four other key figures of a hacker gang operating from Ukraine, which used ransomware to illicitly extract hundreds of millions of euros from their victims.

“In an unprecedented effort, law enforcement and judicial authorities from seven countries have joined forces with Europol and Eurojust to dismantle and apprehend in Ukraine key figures behind significant ransomware operations wreaking havoc across the world,” Europol says.

On 21 November, a series of 30 property searches were conducted across the regions of Kyiv, Cherkasy, Rivne, and Vinnytsia, leading to the apprehension of the 32-year-old ringleader. Additionally, four of the most active associates of the ringleader were also taken into custody, according to Europol.

To aid the Ukrainian National Police in their investigative efforts, over 20 investigators from Norway, France, Germany, and the United States were deployed to Kyiv. This collaborative effort was mirrored at Europol’s headquarters in the Netherlands, where a virtual command post was activated to promptly analyze the data seized during the searches conducted in Ukraine.

This recent action builds upon arrests made in 2021 as part of the same investigation. Since then, Europol and Norway conducted operational sprints to analyze seized devices from Ukraine, aiding in the identification of last week’s suspects in Kyiv.

Europol says the suspects are linked to a network behind high-profile ransomware attacks spanning 71 countries, notably targeting large corporations. They utilized ransomware like LockerGoga, MegaCortex, HIVE, and Dharma. Some had roles in compromising IT networks, while others handled cryptocurrency laundering. They gained access through techniques like brute force attacks, SQL injections, and phishing emails with malicious attachments to steal credentials.

After infiltrating networks, the attackers went undetected, expanding access with tools like TrickBot, Cobalt Strike, and PowerShell Empire. They encrypted over 250 servers from major corporations, incurring losses surpassing hundreds of millions of euros.

Read also:

 

 

 

You could close this page. Or you could join our community and help us produce more materials like this.  We keep our reporting open and accessible to everyone because we believe in the power of free information. This is why our small, cost-effective team depends on the support of readers like you to bring deliver timely news, quality analysis, and on-the-ground reports about Russia's war against Ukraine and Ukraine's struggle to build a democratic society. A little bit goes a long way: for as little as the cost of one cup of coffee a month, you can help build bridges between Ukraine and the rest of the world, plus become a co-creator and vote for topics we should cover next. Become a patron or see other ways to support. Become a Patron!

To suggest a correction or clarification, write to us here

You can also highlight the text and press Ctrl + Enter

Please leave your suggestions or corrections here



    Euromaidan Press

    We are an independent media outlet that relies solely on advertising revenue to sustain itself. We do not endorse or promote any products or services for financial gain. Therefore, we kindly ask for your support by disabling your ad blocker. Your assistance helps us continue providing quality content. Thank you!

    Related Posts