International law enforcement has pinched two alleged members of a ransomware crew suspected of extorting millions of dollars from more than 100 large companies in the U.S. and Europe.
The ransomware twosome are linked to an unnamed group known for imposing predatory ransom demands on their victims of up to 70 million euros ($81 million). The “prolific” duo were nabbed on September 28 in Ukraine by a “coordinated strike” of the French National Gendarmerie, the Ukrainian National Police and the Federal Bureau of Investigation (FBI), orchestrated by Europol and Interpol.
As a result of the arrests, a search of seven properties, including the home of one hacker and his relatives, uncovered $375 million in cash, two luxury vehicles valued at 217 thousand euros ($251,000), computers and mobile phones. Authorities also froze some $1.3 million in cryptocurrencies.
Since April, 2020, the syndicate has hit enterprises in the energy, tourism and manufacturing industries located in Europe and North America, Europol said. Their tactics are fairly standard for current day ransomware cyber kidnappers: Deploy malware to steal sensitive data ahead of encrypting the victim’s files, dangle a decryption key in exchange for a ransom payment and threaten to leak the stolen data on the dark web should the victim refuse their demand.
Officials did not reveal any details on the gang affiliation of the cyber soldiers, claiming the operation to root them out was ongoing.
Europol said that it brought together the countries involved in the bust, to establish a united strategy to root out the the cyber thieves. Its “cybercrime specialists” set up 12 meetings to prepare for the sting, providing “analytical, malware, forensic and crypto-tracing support," the organization said. In addition, law enforcement officials coordinated activities through a virtual command post, Europol said.
The Cyberpolice of Ukraine said that the hackers breached networks through phishing attacks. “The virus software got in the equipment of corporations by hacking the program for remote work of the user with the computer (server) and also through spam-mailing on corporate e-mail boxes of malicious content," Ukraine authorities said in a statement. Officials estimate the overall haul at up to $150 million.
Joint investigations and arrests by international law enforcement have dented a number of cyber mobs, most prominently a dismantling of the Emotet botnet last January, widely regarded as the world’s most dangerous malware operation. Investigators in the U.S., U.K., Canada, France, Germany, Lithuania, the Netherlands and Ukraine, backed by Europol and Eurojust (European Agency for Criminal Justice Cooperation), collaborated to successfully commandeer Emotet’s infrastructure. And, in May, 2019, law enforcement in the U.S. and five other countries conducted a two-year long investigation to take down an international cyber crime crew that attempted to steal more than $100 million from dozens of victims.
The move toward international coordination and collaboration to combat cyber crime is steadily gaining traction. Later this month, a group of 30 countries, including the U.S., will meet to boost international law enforcement efforts to combat cyber crime, choke off the illicit use of cryptocurrency by hackers and encourage more diplomacy on cyber issues.