
Coordinated European police action against ransomware gang
Twelve people suspected of being part of a European ransomware cyber-crime group have been targeted by a coordinated European police action. The action took place in the early hours of October 26 in Ukraine and Switzerland but was kept secret for a few days for investigative reasons.
The attacks are believed to have affected over 1,800 victims in 71 countries, and have especially targeted large corporations, effectively bringing their business to a standstill, Europol said.
“A total of 12 individuals wreaking havoc across the world with ransomware attacks against critical infrastructure have been targeted as the result of a law enforcement and judicial operation involving eight countries.”
Most of the suspects are considered high-value targets because they are being investigated in multiple high-profile cases in different jurisdictions.
Over USD 52,000 in cash was seized, alongside five luxury vehicles. A number of electronic devices are currently being forensically examined to secure evidence and identify new investigative leads.
“The targeted suspects all had different roles in these professional, highly organised criminal organisations. Some of these criminals were dealing with the penetration effort, using multiple mechanisms to compromise IT networks, including brute force attacks, SQL injections, stolen credentials and phishing emails with malicious attachments.”
“Once on the network, some of these cyber actors would focus on moving laterally, deploying malware such as Trickbot, or post-exploitation frameworks such as Cobalt Strike or PowerShell Empire, to stay undetected and gain further access.”
“The criminals would then lay undetected in the compromised systems, sometimes for months, probing for more weaknesses in the IT networks before moving on to monetising the infection by deploying a ransomware. These cyber actors are known to have deployed LockerGoga, MegaCortex and Dharma ransomware, among others.”
“The effects of the ransomware attacks were devastating as the criminals had had the time to explore the IT networks undetected. A ransom note was then presented to the victim, which demanded the victim pay the attackers in Bitcoin in exchange for decryption keys.”
A number of the individuals interrogated are suspected of being in charge of laundering the ransom payments: they would funnel the Bitcoin ransom payments through mixing services, Europol said.
Initiated by the French authorities, a joint investigation team was set up in September 2019 between Norway, France, the United Kingdom and Ukraine with the financial support of Eurojust. The partners have been working closely together, in parallel with the independent investigations of the Dutch and U.S. authorities.
Moonshot News is an independent European news website for all IT, Media and Advertising professionals, powered by women and with a focus on driving the narrative for diversity, inclusion and gender equality in the industry.



