Europol Arrests 12 Hackers Responsible for 1,800 Ransomware Attacks
Europol has announced the arrest of 12 individuals connected to more than 1,800 ransomware attacks across 71 countries. The suspects are believed to be operators of the LockerGoga, MegaCortex, and Dharma ransomware strains.
The arrests took place earlier this week, on October 26, in Ukraine and Switzerland. During simultaneous raids, police seized five luxury cars, electronic devices, and $52,000 in cash. Law enforcement agencies from Norway, France, the United Kingdom, Germany, the Netherlands, and the United States also participated in the investigation.
Details of the Investigation
According to Europol, the 12 suspects were part of a professional criminal group that had been targeting large companies with ransomware since 2019.
“Most of the suspects are considered high-value targets because they are linked to several high-profile cases in different jurisdictions,” Europol stated in a press release. “Some of these criminals conducted ‘pentests,’ using various methods to compromise IT networks, including brute-force attacks, SQL injections, stolen credentials, and phishing emails with malicious attachments.”
After infiltrating a target organization’s network, the hackers would spend months searching for vulnerabilities to expand their access. The group deployed malware such as TrickBot and used post-exploitation frameworks like Cobalt Strike and PowerShell Empire.
The hackers appeared to have partnered with several Ransomware-as-a-Service (RaaS) platforms, as they used different ransomware families in their attacks, including LockerGoga, MegaCortex, and Dharma.
Additionally, Europol reported that some of those arrested did not participate in the hacking itself but helped the group launder ransom payments received from victims.
Connection to Major Attacks
According to a press release from Norwegian police, the 12 suspects were linked to the high-profile attack on Norwegian aluminum producer Norsk Hydro in March 2019. That incident halted the company’s operations on two continents, with production disrupted for nearly a week.
“More than 50 foreign investigators, including six Europol specialists, were sent to Ukraine to assist the National Police in joint investigative activities. A Ukrainian cyber police officer was also seconded to Europol for two months to help prepare for the operation,” Europol reported.
Ukrainian authorities also released their own statement, noting that the damage caused to victims amounts to $120 million.