Ransomware: Police sting targets suspects behind 1,800 attacks that 'wreaked havoc across the world'

Twelve high-value individuals suspected of spreading LockerGoga, MegaCortex, Dharma and other ransomware across 71 countries have been targeted in Ukraine and Switzerland.
Written by Danny Palmer, Senior Writer

Twelve people have been targeted by an international law enforcement operation for involvement in over 1,800 ransomware attacks on critical infrastructure and large organisations around the world. 

A statement by Europol describes the 12 suspects in Ukraine and Switzerland as "high-value targets" responsible for "wreaking havoc across the world" by distributing LockerGogaMegaCortexDharma and other ransomware attacks against organisations in 71 countries.

But it's unclear if the individuals have been arrested or charged – a Europol spokesperson told ZDNet that "the judicial process is ongoing".

The suspects are believed to have various different roles in "aggressive" criminal organisations responsible for encrypting networks with ransomware and demanding a payment in exchange for the decryption key.   

SEE: A winning strategy for cybersecurity (ZDNet special report)    

Some of the suspects are thought to be involved in compromising the IT networks of targets, while others are suspected of being in charge of laundering Bitcoin payments made by victims.  

Europol says that those responsible for breaking into networks did so by using techniques including brute force attacks, SQL injections and sending phishing emails with malicious attachments in order to steal usernames and passwords. 

Once inside the networks, the attackers remained undetected and gained additional access using tools including TrickBot malwareColbalt Strike and PowerShell Empire, in order to compromise as many systems as possible before triggering ransomware attacks.

As a result of the operation, over $52,000 in cash was seized, alongside five luxury cars. A number of computers have also been seized and are being examined in order to secure evidence and identify new leads. 

In total, more than 50 investigators from agencies around the world – including six Europol specialists – were involved in the operation, which was coordinated by Europol's European Cybercrime Centre (EC3).

SEE: Cloud security in 2021: A business guide to essential tools and best practices

This included: Norways's National Crime Investigation Service; France's National Police and the Public Prosecutor's Office of Paris; the Dutch National Police and National Public Prosecution Service; Ukraine's National Police of Ukraine and Prosecutor General's Office; the United Kingdom's National Crime Agency (NCA) and Police Scotland; Germany's Police Headquarters Reutlingen; the Switzerland Federal Police and Polizei Basel-Landschaft: and the United States Federal Bureau of Investigations (FBI) and Secret Service. 

A recent European Union Agency for Cybersecurity report warned that ransomware is the biggest cybersecurity issue facing the world today. 


Editorial standards