[BreachExchange] Ransomware operators behind hundreds of attacks arrested in Ukraine

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Mon Oct 4 08:46:53 EDT 2021


https://www.bleepingcomputer.com/news/security/ransomware-operators-behind-hundreds-of-attacks-arrested-in-ukraine/

Europol has announced the arrest of two men in Ukraine, said to be members
of a prolific ransomware operation that extorted victims with ransom
demands ranging between €5 and €70 million.

Two arrests in Ukraine

The international law enforcement operation was conducted in coordination
with the FBI, the French police (Gendarmerie Nationale), and the Ukrainian
National Police (Національна поліція України). In total, the police
officers performed seven property searches, seized $375,000 in cash, and
two luxury vehicles that cost about $250,000. Furthermore, the
investigators froze $1.3 million worth of crypto that is believed to be
linked to ransom payments.

Coordinated announcements from Europol and the Ukrainian police describe
the suspects as members of a top-tier group, but Europol told
BleepingComputer that they could not name the group for operational reasons.

"Both these individuals were part of the same group which focused not only
on ransom attacks, but also laundered criminal funds," Europol told
BleepingComputer.

Both suspects were arrested in Kyiv City, with one of the individuals
described as a 25-year-old male "hacker."

The law enforcement agencies attribute approximately a hundred cyberattacks
to the gang, starting in April 2020, that targeted North American and
European entities. As for the modus operandi, it follows the typical
network compromise, malware deployment, data exfiltration, and eventually
the encryption of all local files.

The initial point of compromise is either the victim's VPN tool or emails
sent to employees that drop payloads on their computers.

It is estimated that the total damages caused to the victimized
organizations are $150 million.

The law enforcement operation took the combined efforts of six French
investigators, four from the FBI, one Interpol officer, and two of
Europol’s cybercrime specialists.

Disrupting ransomware operations

These arrests will likely not bring down an entire Ransomware-as-a-Service
(RaaS) operation. However, law enforcement has been increasingly targeting
individual members as a way to disrupt a gang's activities.

Furthermore, successful law enforcement operations tend to have chilling
effects on the operation of illegal hacking groups as they spread fear and
uncertainty among the other members, commonly leading to the group's
shutdown or rebranding.

The announcement from Ukraine's cyber-police says the arrested individuals
face up to twelve years in prison for violations of two articles of the
criminal code in the country, one for unauthorized interference in computer
networks and systems, and one for money laundering.

The Ukrainian police also arrested other individuals this year believed to
be members of the Clop and Egregor ransomware operations.