Ransomware gang behind attacks on 50 companies arrested in Ukraine
Catalin Cimpanu January 13, 2022

Ukrainian authorities have detained five members of a ransomware gang that carried out attacks against more than 50 companies across Europe and the Americas.

The arrests, which took place earlier this week, targeted the group’s leader, a 36-year-old Kyiv resident, his wife, and three acquaintances.

Officials said the group hacked into government and private enterprise networks to steal data, installed ransomware to extort the victims, and also carried out DDoS attacks to paralyze the hacked networks.

“They administered the service from home personal computers, and in order to avoid responsibility for their illegal activities, they disguised themselves under various nicknames on the Darknet network,” the Ukrainian Security Service (SSU) said today.

The hackers also used underground money mule networks to transfer some of their profits to payment cards owned by fictitious persons.

The group is believed to have made at least $1 million from their attacks, according to the Ukrainian Cyber Police.

The suspects were detained earlier this week after house searches at nine locations. The raids were conducted together with officers from law enforcement agencies from the US and the UK.

“Computer equipment, mobile phones, bank cards, flash drives and three cars were seized,” the Ukrainian Cyber Police said today.

Image: Ukraine’s Cyber Police

Officials said the suspects are also wanted by foreign law enforcement. Ukrainian officials have not returned a request for comment on whether an extradition request has been filed for any of the suspects.

This marks the fifth major arrest of a ransomware group in Ukraine since the start of 2021:

The names of the suspects or their affiliation with any particular ransomware strain or operation has not been disclosed.

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.