US, European, and Ukrainian police have arrested a ringleader of a notorious hacker gang operating from Ukraine which used ransomware to fleece hundreds of millions of euros from their victims, Europol said Tuesday.
Law enforcement officers swarmed 30 properties in western and central Ukraine including in Kyiv and Cherkasy on the Dnipro River, as well as Vinnytsa and Rivne last Tuesday, the Hague-based Europol said.
“In an unprecedented effort, law enforcement and judicial authorities from seven countries have joined forces with Europol and Eurojust to dismantle and apprehend in Ukraine key figures behind significant ransomware operations,” it said in a statement.
“The operation comes at a critical time as the country grapples with the challenges of Russia’s military aggression against its territory,” Europol added.
Police arrested a 32-year-old man alleged to have been a ringleader in the gang, as well as four accomplices.
More than 20 investigators from France, Germany, Norway, and the United States were deployed to Kyiv to help local police.
Meanwhile, Europol set up a virtual command post in The Netherlands to analyze data seized during the Ukrainian house searches in real-time.
The latest arrests follow police action in 2021 in which 12 suspected ransomware gang members were arrested in Ukraine and Switzerland.
Ransomware attacks typically access vulnerable computer systems and encrypt or steal data, before sending a ransom note demanding payment in exchange for decrypting the data or not releasing it publicly.
In this case, the hackers focused their attacks against organizations in 71 countries, infecting some 250 servers “resulting in losses exceeding several hundreds of millions of euros.”
“These cyber actors are known for specifically targeting large corporations, effectively bringing their business to a standstill,” Europol said.
The gang members played different roles, some breaking into networks, and others laundering the cryptocurrency payments made by the victims to have their files decrypted.
“Once inside the networks, the attackers remained undetected and gained additional access using other tools in order to compromise as many systems as possible before triggering ransomware attacks,” Europol said.