Ransomware gang dismantled by Europol after string of raids across Ukraine

Five individuals arrested after a joint effort spearheaded by Europol

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

An international team of law enforcement agents, spearheaded by Europol, arrested five individuals allegedly involved in multipleransomwareattacks.

As part of the arrests, the police also raided multiple properties and confiscated computers, cars, bank cards, SIM cards, various items of electronic media, and roughly $110,000 in cryptocurrencies.

According toTechCrunch, those arrested were part of a cyber gang performing attacks from within Ukraine, with the groups leader (32) also being arrested during the raids.

Reader Offer: $50 Amazon gift card with demoPerimeter 81’s Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

Preferred partner (What does this mean?)

Years-long investigation

While neither the group, nor the individuals, were named, the police did state that they used LockerGoga, MegaCortex, Hive, and Dharma ransomware variants, with more than 1,800 people worldwide being affected by the attacks.

The police accuse them of encrypting more than 250 servers belonging to large corporations and extorting “several hundred million euros” from their victims.

There were more than 20 agents involved in the investigation, including those in Norway, France, Germany, the United States, and Ukraine - where the arrests were made.

According to Europol, the arrests were a continuation of a 2021 investigation that resulted in the arrest of 12 individuals in Ukraine and Switzerland with these arrests directly contributing to the discovery of the individuals arrested in Ukraine.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Ransomware is currently one of the most disruptive forms of cybercrime out there. The majority of SMBs and enterprises out there have either experienced a ransomware attack in the last couple of years or are expecting to suffer one in the coming months.

In the attack, the threat actors would first sneak their way past the company’s defenses (either via a stolen/leaked credential, dropping malware via a zero-day vulnerability in different hardware and software, or similar), map out theendpointson the network, and scan for cloud services.

Then, they would exfiltrate sensitive data and deploy a decryptor which would lock the company out of all of its digital assets. Finally, the threat actors would demand payment in cryptocurrency, in exchange for the decryption key and for not leaking the stolen data.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

England vs Australia live stream: how to watch 2024 rugby union Autumn International online from anywhere