Ukraine Police Dismantle Major Ransomware Group
Police in Ukraine have arrested five individuals including the suspected ringleader of a prolific ransomware affiliate believed to have made hundreds of millions of dollars from cyber-attacks.
Law enforcers and judicial authorities from seven countries joined forces with Europol to dismantle the group, searching 30 properties in Kyiv, Cherkasy, Rivne and Vinnytsia on November 21.
The five suspects are believed to be part of an organized cybercrime network responsible for attacks that encrypted 250 servers belonging to large organizations in 71 countries. They deployed the LockerGoga, MegaCortex, Hive and Dharma variants, according to Europol.
Initial access was achieved through brute force attacks, SQL injections and phishing emails with malicious attachments, while post-exploitation activity included use of TrickBot malware, Cobalt Strike and PowerShell Empire.
Twenty investigators from Norway, France, Germany and the US were sent to Kyiv to assist local police in making the arrests. They come after a similar raid in 2021, which resulted in the arrest of a further 12 suspects thought to be involved in the gang.
Those arrested last week, including the suspected 32-year-old ringleader, had different roles in the group – with some involved in compromising victims’ IT networks and others tasked with laundering cryptocurrency payments, Europol claimed.
The latest arrests are the culmination of a four-year operation which began when the French authorities set up a joint investigation team (JIT) with Norway, the UK and Ukraine, later to be joined by officers from the Netherlands, Germany, Switzerland and the US.
Thanks to their work, the Swiss authorities – alongside No More Ransom and Bitdefender – were able to create decryptors for LockerGoga and MegaCortex.