International Police Operation Busts Threat Actors Suspected of Over 1,800 Ransomware Attacks

Antivirus Online

Law enforcement agencies are investigating 12 individuals suspected of conducting ransomware attacks against critical infrastructure internationally.

Europol accused the suspects of “wreaking havoc across the world,” saying the attacks claimed over 1,800 victims in 71 countries. The threat actors are believed to have been highly organized, probing IT systems for months before encrypting compromised networks and bringing businesses to a standstill by deploying LockerGoga, MegaCortex, Dharma and other ransomware.

“Some of these criminals were dealing with the penetration effort, using multiple mechanisms to compromise IT networks, including brute force attacks, SQL injections, stolen credentials and phishing emails with malicious attachments,” Europol said. “Once on the network, some of these cyber actors would focus on moving laterally, deploying malware such as Trickbot, or post-exploitation frameworks such as Cobalt Strike or PowerShell Empire, to stay undetected and gain further access.”

The sting took place Oct. 26 in Ukraine and Switzerland. Police seized over 52,000 USD in cash, luxury vehicles and electronic devices, which are currently under forensic investigation.

Europol didn’t say whether the suspects have been arrested. Some individuals are suspected of laundering the ransom payments by funneling the Bitcoin through various services.

More than 50 investigators from agencies worldwide, including six Europol specialists, assisted in the operation, coordinated by the European Cybercrime Centre (EC3).

“International cooperation coordinated by Europol and Eurojust was central in identifying these threat actors as the victims were located in different geographical locations around the world,” Europol added.

“Initiated by the French authorities, a joint investigation team (JIT) was set up in September 2019 between Norway, France, the United Kingdom and Ukraine with financial support of Eurojust and assistance of both Agencies. The partners in the JIT have since been working closely together, in parallel with the independent investigations of the Dutch and U.S. authorities, to uncover the actual magnitude and complexity of the criminal activities of these cyber actors to establish a joint strategy.”