
Ukrainian police arrested ransomware gang behind attacks on 50 companies

Ukrainian police arrested members of a ransomware gang that targeted at least 50 companies in the U.S. and Europe.

Ukrainian police arrested members of a ransomware affiliate group that is responsible for attacking at least 50 companies in the U.S. and Europe.

The operation was conducted by the SBU Cyber Department together with the Cyber Police Department and National Police investigators, with the support of the competent authorities of the United States and Great Britain.

The gang targeted organizations with spam campaigns that delivered ransomware; the police did not disclose which malware family the group used in its attacks.

The group also carried out DDoS attacks to paralyze the victims' networks and pressure them into paying the ransom. The total losses resulting from the attacks exceed one million U.S. dollars.

“Criminals who carried out hacker attacks on foreign companies and provided paid services to exchange IP addresses to other hackers were exposed. According to preliminary estimates, the group “earned” more than $1 million during its operation,” reads the press release published by the Ukrainian Security Service (SSU).

Law enforcement arrested the leader of the group, a 36-year-old man who lives in Kyiv, along with his wife and three other acquaintances.

The gang also provided VPN-like services that other cybercriminal organizations used to conduct malicious activity, including the delivery of malware to target organizations.

“They administered the service from home personal computers, and in order to avoid responsibility for their illegal activities, they disguised themselves under various nicknames on the Darknet network,” continues the press release.

“The services were popular among members of international hacker groups, who regularly:

  • hacked the systems of government and commercial institutions to collect confidential information;
  • spread extortion viruses that encrypt information available on the PC and demand a “ransom” from the user for the key;
  • carried out DDoS attacks to paralyze systems, etc.”

To cash out the funds received as ransom payments, the cybercrime group carried out complex financial transactions through online payment services that are banned in Ukraine, relying on an extensive network of fictitious identities.

Police searched the suspects' places of residence and seized cars, mobile phones, computer equipment, and other material evidence of the illegal activity.

The suspects face multiple criminal charges, including money laundering, unauthorized access to computers and networks, and the creation, use, distribution, and sale of malware and hacking tools.

“Criminal proceedings have been instituted under Part 2 of Article 361 (Unauthorized interference in the work of computers, automated systems, computer networks or telecommunications networks), Part 2 of Art. 361-1 (Creation for the use, distribution or sale of malicious software or hardware, as well as their distribution or sale), Art. 209 (Legalization (laundering) of property obtained by criminal means) of the Criminal Code of Ukraine. Investigative actions continue,” states the Ukrainian CyberPolice.

Officials confirmed that the suspects are also wanted by foreign law enforcement.

Ukrainian police have recently targeted several cybercriminal organizations and individual crooks. Some of the operations conducted by law enforcement are listed below:

  • February 2021 – several members of the Egregor ransomware gang were arrested
  • June 2021 – Operation Cyclone – police dismantled a group who laundered money for the Clop ransomware gang
  • October 2021 – two ransomware operators were arrested in Kyiv with EUROPOL’s support
  • October 2021 – police arrested 12 individuals over ransomware attacks on organizations worldwide, including critical infrastructure operators. The gang was distributing the LockerGoga and MegaCortex ransomware families.


Pierluigi Paganini


Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field and a Certified Ethical Hacker at EC-Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for the US. Pierluigi is a member of "The Hacker News" team and a writer for major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines. Author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".
