Police arrest hackers involved in 1,800 ransomware attacks


Europol has announced the arrest of 12 individuals believed to be linked to ransomware attacks against more than 1,800 victims in 71 countries.

According to the law enforcement report, the hackers deployed ransomware strains such as LockerGoga, MegaCortex, and Dharma, as well as malware like Trickbot and post-exploitation tools like Cobalt Strike.

LockerGoga first appeared in the wild in January 2019, when it hit Altran Technologies, a French engineering and R&D consultancy that is part of the Capgemini group.

LockerGoga and MegaCortex infections peaked during that year, with a report from the National Cyber Security Centre (NCSC) in the Netherlands attributing 1,800 infections to Ryuk and the two strains.

The most notable case linked to the suspects is a 2019 attack against Norsk Hydro, the Norwegian aluminum production giant, causing severe and lengthy disruption in the company’s operations.

The Norwegian police were working with foreign counterparts to bring the hackers down. The hackers were arrested in Ukraine and Switzerland on October 26, 2021, after a series of simultaneous raids. The police seized five luxury vehicles, electronic devices, and $52,000 in cash.

According to Europol, the arrested individuals are considered high-value targets as they are believed to have organized multiple high-profile ransomware cases.

The cyber-criminals fulfilled specialized roles in a highly organized criminal organization, with each person being responsible for distinct operational aspects.

Some hackers were engaged in network penetration, some in brute force attacks, while others performed SQL injections or handled credential phishing operations.

In the post-infection stage, the roles shifted, with the actors deploying malware, network reconnaissance tools, and lateral movement tools, carefully stealing data while staying undetected.

Eventually, the actors encrypted the compromised systems and demanded that the victims pay huge ransoms in Bitcoin in exchange for decryption keys.

Some of the individuals now arrested are believed to be in charge of the money laundering operation, using Bitcoin mixing services to obscure the money trail.

This operation is a massive law-enforcement success which was made possible by over 50 investigators from seven European police departments, six Europol specialists, and members of the FBI and the US Secret Service.


Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News
