Ransomware suspects arrested in Ukraine by European cyber police


European cyber police have arrested a 32-year-old individual suspected of leading a ransomware gang operating in Ukraine. In coordinated raids throughout the country, authorities confiscated laptops and arrested four additional alleged hackers. The gang is accused of extorting “several hundred million euros” from victims across 71 countries.

This latest development is part of ongoing international efforts to combat the escalating issue of ransomware. Ransomware is a form of malicious software that encrypts systems, demanding a ransom payment—typically in cryptocurrency such as Bitcoin—for decryption.

The individuals arrested are accused of deploying various types of ransomware, including MegaCortex, LockerGoga, HIVE, and Dharma ransomware. Seized laptops indicate that they encrypted data on over 250 servers belonging to major corporations, causing significant disruptions until the victims paid the ransom or restored their IT setups from backups.

Earlier this month, the British Library disclosed that its IT systems were under ransom by cybercriminals, impacting customer access to online services. Last week, the US Cyber Security and Infrastructure Agency (CISA) issued a warning about a new wave of ransomware attacks exploiting a widespread vulnerability in popular software.

Europol reported that officers conducted searches at 30 locations last week, resulting in the apprehension of five individuals proficient in Russian. The officers have not disclosed the specific nationality of the suspects. Russia has for years been accused of harboring ransomware gangs within the country, which is why arrests are extremely rare.

Ransomware often operates on a “software as a service” model, where hackers pay a percentage of their earnings to the leaders of criminal organizations that develop the necessary malicious software. Affiliates, who carry out attacks anonymously from various locations globally, have faced arrests in countries such as South Korea, Poland, Switzerland, Canada, and Ukraine.

Law enforcement revealed that the suspects had distinct roles within the criminal organization. Some were involved in compromising the IT networks of their targets, while others managed the laundering of cryptocurrency payments made by victims to recover their files.

A spokesperson for Europol said that more details would be released. What they did disclose was that these new suspects were identified following the arrest of 12 individuals in 2021 in Ukraine and Switzerland. In the meantime, the operation to apprehend more individuals is still ongoing.
