Police arrest suspected ransomware hackers behind 1,800 attacks worldwide
12 people have been arrested in an international law enforcement operation for orchestrating ransomware attacks against critical infrastructure and large organizations that have claimed more than 1,800 victims in 71 countries since 2019, marking the latest action against cybercrime groups.
The arrests were made earlier this week on October 26 in Ukraine and Switzerland, resulting in the seizure of money worth $52,000, five luxury vehicles and a number of electronic devices which, according to the agencies, are being examined to uncover new forensic evidence of the suspects' malicious activities and to pursue new avenues of inquiry.
The suspects have been primarily linked to LockerGoga, MegaCortex, and Dharma ransomware, in addition to being tasked with laundering ransom payments by funneling ill-gotten Bitcoin proceeds through mixing services and cashing them out.
“The suspects targeted all had different roles in these professional and highly organized criminal organizations,” Europol said in a press release. “Some of these criminals were facing the penetration effort, using multiple mechanisms to compromise computer networks, including brute force attacks, SQL injections, stolen credentials, and phishing emails with malicious attachments.”
After a successful break-in, the suspects reportedly focused on lateral movement within compromised networks by deploying malware such as TrickBot or post-exploitation frameworks like Cobalt Strike or PowerShell Empire in an attempt to remain undetected for extended periods of time and gain entrenched access, taking advantage of the opportunity to probe for other weaknesses in computer networks before installing ransomware.
The arrested individuals also reportedly carried out the ransomware attack on Norwegian aluminum producer Norsk Hydro in March 2019, the country’s National Criminal Investigation Service said in a separate statement.
The joint working group involved authorities from France, Germany, the Netherlands, Norway, Switzerland, Ukraine, the United Kingdom and the United States, as well as Europol and Eurojust, in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT).
The development also comes weeks after officials from the United States, the European Union and 30 other countries pledged to mitigate the risk of ransomware and strengthen the financial system against exploitation in an attempt to disrupt the ecosystem, calling it “a growing threat to global security with serious economic and security consequences.”