A joint operation conducted by the Ukrainian National Police together with the French National Gendarmerie, and the United States Federal Bureau of Investigation (FBI), with the support of Europol and INTERPOL has led to the arrest in Ukraine of two suspected ransomware operators involved in targeted attacks against over 100 entities in Europe and North America from April 2020 onwards.
According to the Ukrainian National Police, victims include a well-known energy firm, a travel company and an equipment manufacturer. Estimated damages caused to the victimized organizations are amounting to $150 million.
The arrests were made in the city of Kyiv with one of the suspects described as “25-old male hacker”. The ransomware was deployed onto target entities networks by using various methods, including the compromise of remote management software tools used by companies, and spam emails with a malicious attachment, the police said.
During the raids, the police performed seven property searchers, seized $375 000 in cash, as well as two luxury vehicles worth €217 000, and froze $1.3 million in cryptocurrencies believed to be linked to ransom payments.
In June, six members of the Clop ransomware gang were arrested in Ukraine. The suspects were accused of running a double extortion scheme, threatening to leak victims’ sensitive information if ransom demand is not paid. Victims included Stanford University’s Medical School, the University of Maryland, the University of California and a number of unnamed Korean organizations.