Police Arrest Suspected Ransomware Hackers Behind 1,800 Attacks Worldwide

ID THN:1E749E92B85D38E62C88A8A6F091ADED
Type thn
Reporter The Hacker News
Modified 2021-10-30T18:28:44


Ransomware Hacker Arrested

12 people have been detained as part of an international law enforcement operation for orchestrating ransomware attacks on critical infrastructure and large organizations that hit over 1,800 victims across 71 countries since 2019, marking the latest action against cybercrime groups.

The arrests were made earlier this week on October 26 in Ukraine and Switzerland, resulting in the seizure of cash worth $52,000, five luxury vehicles, and a number of electronic devices that the agencies said are being examined to uncover new forensic evidence of their malicious activities and pursue new investigative leads.

The suspects have been primarily linked to LockerGoga, MegaCortex, and Dharma ransomware, in addition to being in charge of laundering the ransom payments by funneling the ill-gotten Bitcoin proceeds through mixing services and cashing them out.

Automatic GitHub Backups

"The targeted suspects all had different roles in these professional, highly organised criminal organisations," Europol said in a press release. "Some of these criminals were dealing with the penetration effort, using multiple mechanisms to compromise IT networks, including brute force attacks, SQL injections, stolen credentials and phishing emails with malicious attachments."

Following a successful break-in, the suspects are said to have focused on lateral movement within the compromised networks by deploying malware such as TrickBot or post-exploitation frameworks like Cobalt Strike or PowerShell Empire with the goal of staying undetected for extended periods of time and gaining entrenched access, leveraging the opportunity to probe for more weaknesses in the IT networks before installing ransomware.

The arrested individuals are also believed to have carried out the ransomware attack on Norwegian aluminum processor Norsk Hydro in March 2019, the country's National Criminal Investigation Service said in a separate statement.

The joint task force involved authorities from France, Germany, the Netherlands, Norway, Switzerland, Ukraine, the U.K., and the U.S., along with Europol and Eurojust, under the European Multidisciplinary Platform Against Criminal Threats (EMPACT).

The development also arrives weeks after representatives from the U.S., the European Union, and 30 other countries pledged to mitigate the risk of ransomware and harden the financial system from exploitation with the goal of disrupting the ecosystem, calling it an "escalating global security threat with serious economic and security consequences."

Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.