Europol has detained about 12 people in Ukraine and Switzerland after linking them to various ransomware attacks in over 70 countries.
The operation was part of an international law enforcement action that included cyber teams from several European nations and the US. Luxury vehicles, cash, and various electronic devices were seized from the gang, and further investigation is under way.
Detaining Members of Ransomware Gangs
Under the banner of the European Multidisciplinary Platform Against Criminal Threats (EMPACT), task forces from several countries (France, Germany, the Netherlands, Norway, Switzerland, Ukraine, the U.K., and the U.S.) arrested 12 men in Ukraine and Switzerland earlier this week.
They are alleged to have been involved with ransomware groups like MegaCortex, LockerGoga, and Dharma, and in money laundering through Bitcoin mixing schemes. Europol said in its statement that those detained held various roles in the criminal organization.
From penetration testing to SQL injection, brute-force attacks, and credential theft through phishing campaigns, these unnamed men were linked to ransomware groups that have hit over 1,800 victims across 71 countries since 2019.
The police explained that these cybercriminals first hit vulnerable companies with the techniques above, then installed malware like TrickBot and used open-source tools like Cobalt Strike or PowerShell Empire for post-exploitation. Their goal was to stay within the network, find more vulnerable devices, and move laterally.
They were also linked to attacks against Norsk Hydro, a Norwegian aluminum processor, in March 2019, as the company revealed. The police seized cash worth over $52,000, five luxury vehicles, and several electronic devices, which are now being examined for more evidence of the attacks the group carried out.
This operation comes after representatives from the European Union, the US and 30 other countries pledged to mitigate the risk of ransomware worldwide, which they see as an “escalating global security threat with serious economic and security consequences.”