Police from Ukraine, France, Germany, Norway and the United States have joined forces to arrest the leader of a hacker gang operating out of Ukraine that is behind cyberattacks aimed at extorting hundreds of millions of euros from their victims, Europol announced on Tuesday.
Police officers conducted operations on Tuesday evening at 30 properties in western and central Ukraine, including in Kiev and Cherkassy on the Dnieper as well as in Vinnytsia and Rivne, The Hague-based Europol said.
During these operations, a 32-year-old man suspected of being the leader of the gang and four accomplices were arrested. More than 20 investigators from France, Germany, Norway and the United States were sent to Kiev to assist local police.
“In an unprecedented effort, police and judicial authorities from seven countries joined forces with Europol and Eurojust to uncover and arrest key figures behind major ransomware operations in Ukraine,” the organization said in a statement.
“The operation comes at a critical time as the country faces the challenges of Russia’s military aggression against its territory,” Europol added.
At the same time, Europol has set up a virtual command post in the Netherlands to analyze data seized during searches in Ukraine in real time.
The hacker group attacked organizations in 71 countries and infected around 250 servers, and its attacks “resulted in losses of several hundred million euros”. “These cyber actors are known to specifically target large companies and cripple their activities,” Europol said.
These latest arrests follow police operations in 2021 in which twelve suspected ransomware gang members were arrested in Ukraine and Switzerland.
In a ransomware attack, the attackers gain access to vulnerable computer systems and encrypt or steal data, then send a ransom note demanding payment in return for decrypting the data or for not making it public.
The gang members played different roles: some broke into networks, while others laundered the cryptocurrency payments that victims made to have their files decrypted.
“Once inside the networks, the attackers remained undetected and used other tools to gain additional access to compromise as many systems as possible before launching ransomware attacks,” Europol explained.