Europol shutters ransomware operation with kingpin arrests

November 28, 2023 at 08:53AM

A major cybercrime group that had been under investigation for over four years has been dismantled, according to Europol. The joint investigation team, led by French authorities, made five arrests, including the group’s leader and four accomplices. The group, responsible for attacking organizations in 71 countries, used various ransomware strains and successfully targeted more than 250 servers. The arrests were made after a delay caused by the war in Ukraine and the need to gather sufficient evidence for prosecution. Some members of the group are still being sought.

Key takeaways from the article are as follows:

1. International law enforcement investigators have arrested several members of a major cybercrime group after tracking them for over four years.

2. The joint investigation team (JIT), led by French authorities, was formed in 2019 to target a ransomware group responsible for significant attacks worldwide.

3. Five individuals, including the group’s leader and four accomplices, were recently arrested. The arrests resulted in the “dismantlement” of the group, although some lesser-ranking members are still being sought.

4. Thirty properties in Ukraine were raided in November, leading to the seizure of electronic devices and other evidence.

5. The analysis of the seized devices helped identify the key members of the cybercrime group.

6. The arrests were preceded by 12 others made in 2021, with members of the same group apprehended in Ukraine and Switzerland. Electronic devices, cash, and luxury vehicles were seized during those arrests.

7. The investigations involved collaboration with Norwegian authorities and organizing multiple operational sprints over the past two years.

8. The timing of the arrests was delayed due to the need to gather sufficient evidence to prosecute the cybercriminals, as well as the reorganization of the operation after the war in Ukraine.

9. The names of the arrested individuals and the specific ransomware group have not been disclosed. The group utilized various strains, including LockerGoga, MegaCortex, Hive, and Dharma, to attack organizations in 71 countries and accumulate significant financial gains.

10. The arrested individuals were not core members of the groups behind the ransomware strains used, but they were involved in other incidents under separate investigations.

11. The cybercriminals utilized techniques such as brute force attacks, SQL injections, phishing emails, and the use of malware tools like TrickBot, Cobalt Strike, and PowerShell Empire to infiltrate networks and execute ransomware attacks.