Gang of five arrested in Ukraine for their involvement in large-scale ransomware attacks on international firms costing millions of dollars in damages.
Ukrainian law enforcement authorities have been on an arrest spree against ransomware operators since last year. As previously reported, two members of the REvil ransomware gang were arrested in October, and in June 2021, six individuals suspected to be members of the Cl0p ransomware gang were arrested.
Continuing the operation, Ukrainian police have arrested five more people suspected of being part of a cartel that carried out ransomware attacks against foreign companies. Those arrested include a husband and wife team.
Operation Details
According to sources, Ukrainian authorities were tipped off by UK intelligence about a five-member gang of ransomware operators. The gang is suspected to be involved in ransomware attacks against over fifty organizations across the USA and Europe, causing financial losses amounting to $1 million.
The special operation was initiated with UK and US law enforcement officials. An unnamed individual aged 36 was arrested in Ukraine’s capital Kyiv along with his wife and three other members of the gang.
The authorities carried out searches in 9 different homes. They seized computer equipment, bank cards, mobile phones, flash drives, three vehicles, and other equipment that could be used as evidence of illegal activities.
Gang Offered IP Spoofing & Ransomware Service
According to the Cyber Police of the National Police of Ukraine, the gang was offering a hacker service that encouraged financially motivated criminal gangs to send out phishing emails loaded with file-encrypting malware, which locked the recipients' confidential data.
The gang then demanded ransom in cryptocurrency from their victims for restoring access to their data. The authorities didn’t clarify what ransomware strain was used by the gang to encrypt data.
The gang also offered IP-address spoofing facilities to transnational cybercriminals, who used the platform illegally to hack into the computer systems of government and commercial organizations, collect sensitive data, and carry out DDoS attacks.
How the Gang Laundered Money
In its press release, Ukraine’s Secret Service (SSU) explained how the gang laundered criminal proceeds.
“To launder criminal proceeds, the offenders conducted complex financial transactions using a number of online services, including those banned in Ukraine. At the last stage of converting assets into cash, they transferred funds to payment cards of an extensive network of fictitious persons.”
SSU
Ukrainian police claim that the gang operated private VPNs to hide users’ IP addresses and secretly carry out their malicious activities. They also targeted British bank cardholders, and the stolen details were used to make online purchases.
The suspects are charged under article 361 of the Ukrainian criminal code for unauthorized interference in the work of computers, creating or distributing malware, and money laundering.