Ransomware gang arrested in Ukraine

4 October 2021

Two prolific ransomware operators suspected of carrying out a string of attacks, demanding ransoms of up to EUR 70 million, have been arrested in Ukraine.

The arrests were made on 28 September as a result of global law enforcement cooperation involving the French National Gendarmerie, the Ukrainian National Police and the United States Federal Bureau of Investigation (FBI), INTERPOL and Europol.

The coordinated strike also resulted in:

  • 7 property searches
  • Seizure of USD 375,000 in cash
  • Seizure of two luxury vehicles worth EUR 217,000
  • Asset freezing of USD 1.3 million in cryptocurrencies

The organized crime group is suspected of having committed a string of targeted attacks against very large industrial groups in Europe and North America from April 2020 onwards. The criminals would deploy malware and steal sensitive data from these companies, before encrypting their files.

They would then proceed to offer a decryption key in return for a ransom payment of several millions of euros, threatening to leak the stolen data on the Darknet if their demands were not met.

Close cooperation between the participating law enforcement authorities led to the identification in Ukraine of these two individuals.

The INTERPOL High-Level Forum on Ransomware in July underlined that to effectively prevent and disrupt ransomware meant adopting the same international collaboration used to fight terrorism, human trafficking or mafia groups such as the 'Ndrangheta.

See also