Ukrainian police arrested Ransomware gang behind attacks on 50 companies

Pierluigi Paganini January 14, 2022

Ukrainian police arrested members of a ransomware gang that targeted at least 50 companies in the U.S. and Europe.

Ukrainian police arrested members of a ransomware affiliate group that is responsible for attacking at least 50 companies in the U.S. and Europe.

The operation was conducted by the SBU Cyber ​​Department together with the Cyber ​​Police Department and National Police Investigators with the support of the competent authorities of the United States and Great Britain.

The gang was targeting organizations via spam campaigns to spread ransomware, however, the police did not disclose the malware family used by the group in its attacks.

The group was also carrying out DDoS attacks to paralyze the networks of the victims and force them to pay the ransom. The total losses resulting from the attacks are more than one million U.S. dollars.

“Criminals who carried out hacker attacks on foreign companies and provided paid services to exchange IP addresses to other hackers were exposed. According to preliminary estimates, the group “earned” more than $ 1 million during its operation.” reads the press release published by the Ukrainian Security Service (SSU).

The law enforcement arrested the leader of the group, a 36-year-old man that lives in Kyiv, along with his wife and three other acquaintances.

The gang was also providing VPN-like services used by other cybercriminal organizations to carry out malicious activities used to deliver malware to the target organization.

“They administered the service from home personal computers, and in order to avoid responsibility for their illegal activities, they disguised themselves under various nicknames on the Darknet network.” continues the press release.

“The services were popular among members of international hacker groups, who regularly:

  • hacked the systems of government and commercial institutions to collect confidential information;
  • spread extortion viruses that encrypt information available on the PC and demand a “ransom” from the user for the key; 
  • carried out DDoS attacks to paralyze systems, etc.”

To cash out the funds received as ransom payments, the cybercrime group carried out complex financial transactions using online payment services that are banned in Ukraine, they used an extensive network of fictitious identities.

Police carried out searches at the place of actual residence and stay of the suspects, they seized cars, mobile phones, computer equipment, and other material evidence of illegal activity.

The suspects face multiple criminal charges, including money laundering, unauthorized access to computers and networks, and the creation, use, distribution, and sale of malware and hacking tools.

“Criminal proceedings have been instituted under Part 2 of Article 361 (Unauthorized interference in the work of computers, automated systems, computer networks or telecommunications networks), Part 2 of Art. 361-1 (Creation for the use, distribution or sale of malicious software or hardware, as well as their distribution or sale), Art. 209 (Legalization (laundering) of property obtained by criminal means) of the Criminal Code of Ukraine. Investigative actions continue.” states the Ukrainian CyberPolice.

Officials confirmed that the suspects are also wanted by foreign law enforcement. 

Recently Ukrainian police targeted several cybercriminal organizations and crooks, below is the list of some operations conducted by law enforcement:

  • February 2021 – several members of the Egregor ransomware gang were arrested
  • June 2021 – Operation Cyclone – police dismantled a group who laundered money for the Clop ransomware gang
  • October 2021 – two ransomware operators were arrested in Kyiv with EUROPOL’s support
  • October 2021 – police arrested 12 individuals over ransomware attacks on organizations worldwide, including critical infrastructure operators. The gang was distributing the LockerGoga and MegaCortex ransomware families.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, IKEA)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment