Ransomware gang behind attacks on 50 companies arrested in Ukraine
Ukrainian authorities have detained five members part of a ransomware gang that carried out attacks against more than 50 companies across Europe and the Americas.
The arrests, which took place earlier this week, targeted the group's leader, a 36-year-old Kyiv resident, his wife, and three acquaintances.
Officials said the group hacked into government and private enterprise networks to steal data, installed ransomware to extort the victims, and also carried out DDoS attacks to paralyze the hacked networks.
"They administered the service from home personal computers, and in order to avoid responsibility for their illegal activities, they disguised themselves under various nicknames on the Darknet network," the Ukrainian Security Service (SSU) said today.
The hackers also used underground money mule networks to transfer some of their profits to payment cards owned by fictitious persons.
The group is believed to have made at least $1 million from their attacks, according to the Ukrainian Cyber Police.
The suspects were detained earlier this week after house searches at nine locations. The raids were conducted together with officers from law enforcement agencies from the US and the UK.
"Computer equipment, mobile phones, bank cards, flash drives and three cars were seized," the Ukrainian Cyber Police said today.
Officials said the suspects are also wanted by foreign law enforcement. A request for comment seeking information if an extradition request has been filed for any of the suspects has not been returned by Ukrainian officials.
This marks the fifth major arrest of a ransomware group in Ukraine since the start of 2021:
- February 2021 - the arrest of several members of the Egregor ransomware gang
- June 2021 - the arrest of a group who laundered money for the Clop ransomware gang
- October 2021 - two ransomware operators arrested in Kyiv, believed to be connected to the REvil group
- October 2021 - the arrest of a group that distributed the LockerGoga and MegaCortex ransomware strains
The names of the suspects or their affiliation with any particular ransomware strain or operation has not been disclosed.
Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.