Multi-nation effort dismantles ransomware operation in Ukraine

Law enforcement agencies from seven countries collaborated with Europol and Eurojust to dismantle a major ransomware operation based in Ukraine.

On November 21, a coordinated operation involved the search of 30 properties in Kyiv, Cherkasy, Rivne, and Vinnytsia, resulting in the arrest of a 32-year-old ringleader and four key accomplices.

A multinational task force, including investigators from Norway, France, Germany, and the United States, worked alongside the Ukrainian National Police. This joint effort is part of an ongoing investigation initiated by French authorities in 2019, leading to arrests in 2021.

The recent action in Ukraine followed meticulous forensic analysis by Europol and Norwegian authorities on devices seized during the earlier phase.

The cybercriminals under scrutiny are suspected of orchestrating high-profile ransomware attacks affecting organisations in 71 countries. These attacks, employing ransomware variants like LockerGoga, MegaCortex, HIVE, and Dharma, specifically targeted large corporations, causing significant disruptions.

The suspects played various roles within the criminal organisation. Some were involved in compromising IT networks, while others were implicated in laundering cryptocurrency payments made by victims to decrypt their files. The cybercriminals utilised sophisticated techniques, including brute force attacks, SQL injections, and phishing emails with malicious attachments to gain unauthorised access.

Once inside the networks, the attackers remained undetected, using tools such as TrickBot malware, Cobalt Strike, and PowerShell Empire to compromise numerous systems before triggering ransomware attacks.

The investigation revealed that the perpetrators encrypted over 250 servers belonging to large corporations, resulting in losses exceeding several hundred million euros.

The Joint Investigation Team (JIT) was established in 2019 and included members from Norway, France, Germany, the United Kingdom, and Ukraine, receiving financial support from Eurojust and assistance from various other agencies. Europol’s European Cybercrime Centre (EC3) played a crucial role by providing support in digital forensics, cryptocurrency tracking and malware analysis.

In May, Europol’s EC3, under operation SpecTor, conducted one of the largest search and seize operations to take down Monopoly Marketplace, an online drug shop.

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me
