Through the joint operation of Eurojust ed Europolin addition to the collaboration of the judicial authorities and the police of seven countries, it was possible to identify and dismantle a group ransomware based in Ukraine.
The collective, responsible for 1,800 attacks carried out in 71 countriestargeted medium to large sized companies, causing huge economic damage. The operation led to the arrest of the alleged leader of the organization and the arrest of four other suspected members of the group.
The arrested people were accused of carrying out various actions in the context of cybercrime, come on brute force attacks up to the implementation of techniques SQL injectionresulting in the theft of credentials and other private information.
The intervention is to be considered on a large scale, with 20 international investigators sent to Kiev to assist local authorities during the search of 30 location different and the analysis of a hundred digital devices.
Eurojust, Europol and seven countries involved: an international operation that began four years ago
Cybercriminals, according to reconstructions, compromised computer systems to monitor them and remain “dormant” for months at a time.
Having found the most likely moment, they acted by distributing different types of malware, such as LockerGoga, MegaCortex, HIVE o Dharma. As for ransoms, however, requests for decryption keys were in bitcointo make it impossible to track payments.
The international operation began in September 2019, with law enforcement agencies from several countries (France, the United Kingdom, Norway and Ukraine) undertaking a long series of investigations in collaboration with Eurojust.
This intervention is certainly not the first of its kind. In fact, just a few months ago, the infrastructure of the company was attacked through a massive operation Quakbot. Despite this, cybercriminals managed to get back on their feet and resume ransomware activities within a matter of weeks.