Ukrainian police arrest five members of ransomware affiliate

The ransomware group was behind attacks on more than 50 companies across Europe and the US.
Written by Jonathan Greig, Contributor on

Ukrainian police announced the arrest of five members of a ransomware affiliate on Thursday, noting that the group was behind attacks on more than 50 companies across Europe and the US. 

In a statement, both the the Ukrainian Security Service and Ukrainian Cyber Police said the group made at least $1 million through their attacks on the companies.

US and UK law enforcement officials worked with Ukrainian officials on the operation. 

Officials said the leader of the group was a 36-year-old who worked with his wife and three other people out of Kyiv. The five are facing a variety of charges in Ukraine related to money laundering, hacking, and selling malware. 

One of the people charged is wanted by law enforcement agencies in UK after "using a virus to obtain bank card details of the customers of British banks," according to the police statement. 

The bank card details were used to buy things online that were then resold. 

"Police officers together with law enforcement officers from Great Britain and the United States of America conducted nine searches in the homes of the suspects and in their cars. Computer equipment, mobile phones, bank cards, flash drives, and three cars were seized," police officials said. 

Ukrainian Security Service

The Ukrainian Security Service provided more details about the group's activity, explaining that on top of their work with ransomware, they also operated a "VPN-like" service that "allowed you to download computer viruses, spyware, and other malicious software through the platform." 

The service was then used by other hackers to break into government systems and companies, spread ransomware, and launch DDoS attacks. 

"In order to legalize the funds received from such 'activities' the attackers conducted complex financial transactions using a number of online services, including those banned in Ukraine. At the last stage of cash transfer, they were transferred to the payment cards of an extensive network of fictitious persons," the Ukrainian Security Service said. 

This is the latest in a series of raids and arrests by Ukrainian police over the past few years. There were several announced raids throughout 2021, including ones involving the arrest of Clop ransomware operators and others. 

Editorial standards