Ransomeware ring dismantled in Ukraine

Law enforcement agencies from seven countries, in partnership with Europol and Eurojust, have successfully dismantled a significant international ransomware operation rooted in various locations within Ukraine.

The operation, which involved coordinated efforts from investigators in Norway, France, Germany, the United States, and Ukraine, resulted in the detention of five individuals. The arrested individuals had diverse roles, with some focusing on compromising the IT networks of their targets, while others were responsible for laundering the ransom money received from their operations.

The individuals behind the network breaches utilised various methods, such as brute force attacks, SQL injections, and the dissemination of phishing emails containing malicious attachments. Their objective was to illicitly obtain usernames and passwords. The ransomware tools employed by the ring included LockerGoga, MegaCortex, HIVE, and Dharma.

Europol, which played a pivotal role in coordinating the operation, revealed that suspects are linked to a series of high-profile ransomware attacks affecting large corporations in 71 countries. The investigation uncovered that the perpetrators had infiltrated over 250 servers, resulting in losses exceeding several hundreds of millions of euros.

Why does it matter?

This recent operation is part of an ongoing investigation that traces its origins to arrests made in 2021. During the previous phase of the investigation, a dozen individuals targeting critical infrastructure were detained. The continuity of these arrests highlights the persistent efforts of law enforcement to combat cybercriminal activities, especially those with severe implications for global businesses and security.