Two ransomware operators arrested in Ukraine

Two members of a ransomware gang were arrested in Ukraine following a joint international law enforcement operation.

The arrests took place last week, on September 28, in Kyiv, Ukraine’s capital, and were carried out by officers of the Ukrainian National Police, with aid from the French Gendarmerie, the FBI, Europol, and Interpol.

Two suspects were arrested, including a 25-year-old believed to be a crucial member of a large ransomware operation.

Officials declined to name the suspect’s affiliation with any particular ransomware gang, citing an ongoing official investigation, a Europol spokesperson told The Record today.

Ukrainian officials said in a press release that the suspect was responsible for attacks on more than 100 companies across the world and had caused more than $150 million in damages.

Following searches at seven properties, including those of family members of the 25-year-old main suspect, officers seized computers used to access remote servers from which the ransomware was deployed, two cars, $375,000 in cash, and $1.3 million in cryptocurrencies.

In a press release, Europol said the suspects had been active since April 2020 and that their group was “known for their extortionate ransom demands (between €5 to €70 million).”

Several security researchers have suggested that the two suspects arrested last week were members of the REvil ransomware gang.

In addition, a video of one of the house searches released by Ukrainian police shows officers sifting through unlocked computers and tablets, suggesting that investigators might have gained access to sensitive information that may allow them to infiltrate the ransomware gang’s structure.

Catalin Cimpanu

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.
