Police target individuals spreading ransomware across 71 countries

Europol arrests people behind Dharma, LockerGoga, MegaCortex attacks

Twelve responsible for 1,800 ransomware victims arrested

Europol and 50 other law enforcement agencies bust criminals behind ransomware attacks across the world

Police, with the help of other law enforcement agencies such as the National Crime Agency, Europol, and Eurojust, busted a criminal group that used ransomware threats to affect at least 1,800 victims in 71 countries.[1] Europol announced that twelve attackers got arrested for involvement in cryptocurrency extortion attacks.[2] The actions took place in the early hours of October 26th in Ukraine and Switzerland. The report[3] names 12 suspects as the ones responsible for wreaking havoc across the world with ransomware attacks:

The targeted suspects all had different roles in these professional, highly organised criminal organisations.

Law enforcement agencies report that these malware attacks were linked to the LockerGoga, Dharma,[4] and MegaCortex ransomware, the Trickbot malware, and the post-exploitation tool Cobalt Strike. The press release states that the threat actors used a dangerous combination of various disruption methods, including penetration efforts, tools for IT network compromise, brute force attacks, and stolen credentials. The attackers mainly targeted large corporations and businesses, so that the resulting corruption could bring operations to a standstill.

Organized international cybercrime group spreading ransomware

These attacks took place across the world, and the cybercriminals had specialized roles within the criminal organizations. Each attacker managed particular operational aspects. Some were responsible for network penetration, others relied on brute force attacks, and a group of attackers managed SQL injections or focused on phishing operations. Other roles come into play in the post-infection stage. There, actors deploy other malware, use lateral movement tools, and steal data while staying under the radar.

As usual with ransomware,[5] the threat actors then move on to file encryption, at which point the targeted system is compromised and ransom notes with the money demands are left behind. Huge amounts are demanded from victims in exchange for the decryption keys. However, Bitcoin payments, if made at all, are rarely exchanged for a working decryption tool.

In addition to the ransomware activities, some of the arrested individuals were charged with money laundering, having used Bitcoin mixing services to obscure the money trail. This arrest is a massive success on the law enforcement end because more than 50 investigators helped the specialists to catch the individuals responsible. Authorities from Norway, France, the Netherlands, Ukraine, the United Kingdom, Germany, Switzerland, and other countries took part in the operation.

Highly persistent malware possibly active for months undetected

These criminal attacks successfully compromised the targeted networks, and the threat actors had time to explore the IT networks without being detected. The hackers had an advantage while lying undetected in the system, sometimes for months. Gathering data and affecting the system may take some time, and only after all those activities can monetization take place.

The LockerGoga ransomware[6] in particular was first noticed in January 2019, when it affected a French engineering and R&D consultant. This threat and MegaCortex infections boomed during that year, when attack numbers reached huge levels. The biggest attack, against Norsk Hydro in Norway, caused severe and lengthy disruption of operations.

Another known threat, the Dharma ransomware-as-a-service, has been seen since 2016 and remains active. It is a threat to many organizations because it mainly aims at small and medium-sized businesses. This strain continues to be one of the most profitable.

About the author
Jake Doevan - Computer technology expert

Jake Doevan is one of the News Editors for 2-spyware.com. He graduated from Washington and Jefferson College, Communication and Journalism studies.
