Prolific ransomware operators arrested in joint law enforcement action


Coordinated law enforcement action led to the arrest of two “prolific ransomware operators” in Ukraine, Europol announced.

The operation was carried out on September 28 by the French National Gendarmerie, the Ukrainian National Police and the United States Federal Bureau of Investigation (FBI), in collaboration with Europol and INTERPOL. Although neither the individuals nor the gang to which they allegedly belong were named, Europol said they were “known for their exorbitant ransom demands (between 5 and 70 million euros)”.

The group has reportedly targeted many “very large industrial groups in Europe and North America” since April 2020. They are also known for their “double extortion” tactics: in addition to encrypting their victims’ files, they deploy malware to steal sensitive data, then demand a large ransom payment under threat of exposing the stolen data on the dark web.

Ukrainian authorities said the suspects were responsible for attacks on more than 100 global organizations, causing more than $150 million in damages.

In addition to the two arrests, the joint law enforcement action resulted in seven property searches, the seizure of $375,000 in cash, the seizure of two luxury vehicles worth €217,000 and the freezing of $1.3 million in cryptocurrency holdings.

Europol helped bring the law enforcement agencies together to establish a common strategy, including the creation of a virtual command post. The operation involved six investigators from the French Gendarmerie, four from the FBI, a prosecutor from the French public prosecutor’s office in Paris, two specialists from Europol’s European Cybercrime Centre (EC3) and an INTERPOL officer, alongside the Ukrainian National Police.

Providing additional insight into the tactics used by ransomware operators, Stefano De Blasi, Threat Researcher at Digital Shadows, said: “The suspects have allegedly compromised their victims through phishing campaigns and by targeting remote work tools such as Remote Desktop Protocol (RDP) and Virtual Private Networks (VPN). This observation highlights the extent to which social engineering remains a vital access vector for threat actors, human curiosity often being exploited to bypass technological defenses. Additionally, the use of RDP and VPN to compromise organizations suggests that suspects likely gained access to victims by purchasing Initial Access Broker (IAB) listings on cybercriminal forums and marketplaces.”

He added: “Europol also said the transaction resulted in the freezing of $ 1.3 million in crypto wallets seized by the group. Ukrainian police said the suspects had an accomplice who helped the group launder money earned through illicit means. The use of individuals skilled in money laundering has been an important factor in the development of ransomware groups into an effective criminal business model. While law enforcement has not named the ransomware gang behind this operation, it is unclear what the extent of the operation will be on the group in question or the broader ransomware ecosystem.

“While lone operations will not address the ransomware threat overnight, law enforcement operations can have a significant impact on targeted ransomware groups, often resulting in their suspension or disruption of activity. These raids can reach their greatest potential when combined with diplomatic efforts, innovative policies and effective public-private partnerships.”
