Ransomware gangs can be traced. Big gang arrested in Ukraine

Authorities in Ukraine announced the arrest of a hacking group responsible for attacking some 50 organizations in the United States and Europe with a ransomware variant, generating losses of more than $1 million USD. According to the report, a 36-year-old Ukrainian citizen acted as the leader of the group, acting along with his wife and three acquaintances.

At the moment the ransomware variant used by this group is unknown, although it is known that the attack vector used was through malicious emails. Three members of the operation were in charge of receiving the ransoms using cryptocurrency, in addition to handing the victims the decryption key once the payment was completed.

To launder funds received as ransom payments, threat actors conducted complex financial transactions using online payment systems banned in Ukraine, passing them on an extensive network of fictitious identities until the original trail was lost.

In addition to operating a ransomware variant, the hackers also offered services similar to a virtual private network (VPN), which allowed other cybercriminal groups to carry out all sorts of illegal activities, from ransomware infections to corporate hacking.

Cybercriminal infrastructure was used to compromise all kinds of systems, including government agencies and private companies. Members of this group were able to deploy denial of service (DoS) attacks, ransomware infections, and theft of sensitive information. One of the defendants also faces charges of stealing payment card data in the UK. During the raid, authorities confiscated all kinds of computer equipment, cloned bank cards, USB storage devices, cars and cash. The defendants face charges of money laundering, developing and distributing malicious software.

Ukrainian authorities have been very active in recent months on cybercrime-related issues, arresting ransomware actors, scammers, botnet operators and phishing actors.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.