Police dismantle ransomware group behind attacks in 71 countries

November 28, 2023 at 04:06AM

Law enforcement agencies from seven nations, in cooperation with Europol and Eurojust, have arrested key members of a ransomware group in Ukraine. The group paralyzed major corporations using ransomware like LockerGoga, MegaCortex, HIVE, and Dharma. The investigation revealed that the group encrypted over 250 servers, resulting in losses exceeding several hundred million euros. This operation follows previous arrests in 2021, and the international police action is supported by multiple countries and agencies.

Key Takeaways:

1. Law enforcement agencies from seven nations, in cooperation with Europol and Eurojust, have arrested the core members of a ransomware group in Ukraine.
2. The cybercriminals used ransomware like LockerGoga, MegaCortex, HIVE, and Dharma to target major corporations and disrupt their operations.
3. The network had members with different roles, including breaching IT networks and laundering cryptocurrency payments made by victims.
4. The attackers gained access to networks through brute force attacks, SQL injection attacks, and phishing emails with malicious attachments.
5. They used various tools like TrickBot malware, Cobalt Strike, and PowerShell Empire to compromise systems and deploy ransomware.
6. The investigation revealed that over 250 servers of major corporations were encrypted, resulting in losses exceeding several hundred million euros.
7. The arrests were made in Ukraine during coordinated raids at 30 locations in Kyiv, Cherkasy, Rivne, and Vinnytsia.
8. Multiple law enforcement agencies from Norway, France, Germany, and the United States assisted in the investigation and arrests.
9. Europol established a virtual command center in the Netherlands to process the data seized during house searches.
10. This operation is part of an ongoing law enforcement action that has resulted in other arrests in 2021 related to ransomware attacks.
11. The attackers deployed ransomware like LockerGoga, MegaCortex, and Dharma, as well as malware like TrickBot and post-exploitation tools like Cobalt Strike.
12. The international police action was initiated by French authorities in September 2019 and involves locating threat actors in Ukraine and bringing them to justice.
13. Multiple law enforcement agencies from different countries are collaborating in this joint investigation, with financial support from Eurojust.
14. The list of participating law enforcement agencies includes Norway, France, Netherlands, Ukraine, Germany, Switzerland, and the United States.
15. Europol’s European Cybercrime Centre (EC3) and Eurojust are also involved in this operation.
