A joint international law enforcement operation led to the arrest of two ransomware operators in Ukraine who extorted victims with ransom demands ranging between €5 and €70 million.
The operation was conducted in coordination with the FBI, the French police (Gendarmerie Nationale), and the Ukrainian National Police. Police officials performed seven property searches and seized $375,000 in cash and two luxury vehicles that cost about $250,000. The investigators also froze $1.3 million worth of crypto that is believed to be linked to ransom payments.
Europol and the Ukrainian police announced that the suspects were members of a top-tier group whose name could not be revealed due to operational reasons.
Both suspects, who were arrested in Kyiv City, were part of the same group, which not only carried out ransom attacks but also laundered criminal funds.
The law enforcement agencies attribute around a hundred cyberattacks to the gang, starting in April 2020, that targeted North American and European entities. The modus operandi includes typical network compromise, malware deployment, data exfiltration, and eventually the encryption of all local files.
The initial point of compromise is either the victim’s VPN tool or emails sent to employees that drop payloads on their computers.
The total damages caused to the victimized organizations are estimated to be around $150 million.
These arrests will likely not bring down an entire Ransomware-as-a-Service (RaaS) operation. However, law enforcement has been increasingly targeting individual members as a way to disrupt a gang’s activities.
The announcement from Ukraine’s cyber-police says the arrested individuals may face up to twelve years in prison for violations of two articles of the criminal code in the country, one for unauthorized interference in computer networks and systems, and one for money laundering.