They believed they were safe in a Ukraine that had been mired in war for more than a year and a half. Accompanied by their European and American counterparts, Ukrainian police officers nevertheless knocked on their doors on Tuesday, November 21, during a large-scale search aimed at dismantling a network of sophisticated hackers. After a first operation in 2021 that slowed down their activities, the Ukrainian cyber police this time arrested a 32-year-old Ukrainian citizen suspected of being the leader of the network. Four of his alleged main accomplices were also arrested.
The network of cybercriminals, which has specialized in ransomware since 2018, had targeted large companies in 71 countries using malware – LockerGoga, MegaCortex, HIVE and Dharma – that renders victims’ data unreadable in order to extort a ransom.
“It is the board of this multinational cybercrime company that has fallen,” sums up Christophe Durand, divisional officer of the Anti-Cybercrime Office (Ofac). Two officers from this department of the Criminal Investigation Department took part in this operation, which was carried out in about thirty apartments and houses in Kiev, but also in Cherkassy, closer to the front line.
On the trail of the virtual ransom
This is the culmination of an extensive investigation launched by the French cyber police with the support of Norwegian, German and American investigators. Following a complaint from a large French company, the J3 specialized public prosecutor’s office of the TGI of Paris contacted the Criminal Investigation Department, which coordinates investigations into ransomware-type cyberattacks in France.
Investigators first exploited the traces the hackers left on the servers used in the attacks and followed the ransoms, paid in cryptocurrencies, to virtual wallets. The technical analysis of the computer equipment confiscated during the first wave of arrests had put them on the trail of the masterminds of the organized gang. This on-site operation under difficult conditions was preceded by several meetings with other cyber police officers under the auspices of Europol and Eurojust.
Ukrainian investigators seized external hard drives containing data and cryptocurrencies.
In a cruel reminder of the situation on Europe’s borders, the two volunteer police officers spent the night of their arrival in a bunker as the Ukrainian capital faced a spate of Russian suicide drone attacks. That was not enough to deter them from their objective. “They left the country with a goal in mind that is of particular interest to the French justice system,” specifies Commissioner Durand. “Like his accomplices, he was surprised to see that the Ukrainian police were still able to target them and that they could count on international police solidarity to put an end to the feeling of impunity.”
The operation also led to renewed seizures of computer devices, particularly hard drives, some of which contained nearly $1 million (around 910,000 euros) worth of cryptocurrencies.