With the year we have had in cybercrime, it feels as though ransomware attacks are reported every day and cyber gangs keep popping up with new, sophisticated attack methods, completely disrupting organizations and governments around the world.
What doesn't happen every day is seeing those malicious cybercriminals brought to justice.
Europol recently announced the arrests of two cybercriminals in Ukraine who were "prolific ransomware operators known for their extortionate ransom demands."
Ransomware hackers arrested in Ukraine
One of the hackers, a 25-year-old citizen of Kyiv, allegedly attacked more than 100 companies, including well-known energy and tourism companies. He is accused of causing more than $150 million in damages to the victims.
Europol describes the crimes of the arrested hacker:
"The organised crime group is suspected of having committed a string of targeted attacks against very large industrial groups in Europe and North America from April 2020 onwards. The criminals would deploy malware and steal sensitive data from these companies, before encrypting their files.
They would then proceed to offer a decryption key in return for a ransom payment of several millions of euros, threatening to leak the stolen data on the dark web should their demands not be met."
Officials have not disclosed which ransomware group or groups the accused hacker was involved with.
Inside the ransomware bust
Here is how the ransomware bust went down.
Six investigators from the French Gendarmerie, four from the U.S. FBI, a prosecutor from the French Prosecution Office of Paris, two specialists from Europol's European Cybercrime Centre (EC3), and one INTERPOL officer were deployed to Ukraine to jointly conduct investigative measures with the Ukrainian National Police.
Officers approached the suspect's apartment with assault rifles in hand. Once inside the apartment, authorities focused on all the digital equipment inside.
Authorities searched and seized multiple phones, tablets, and laptops.
They also bagged hard drives and desktop PCs in a garbage bag.
The alleged ransomware operator was at home minding his business when the authorities knocked on his door. He was wearing a Grinch T-shirt.
In this case, we don't believe the Grinch stole Christmas, but detectives say he did steal from ransomware victims, and had $360,000 hidden in a single shoe box.
In total, authorities accomplished the following:
- "2 arrests and 7 property searches"
- "Seizure of US $375,000 in cash"
- "Seizure of two luxury vehicles worth €217,000"
- "Asset freezing of $1.3 million in cryptocurrencies"
The Ukrainian Police have posted a video of the raid on YouTube.
Europol credits law enforcement authorities from the U.S., France, and Ukraine as key contributors to this takedown of ransomware operators.
International cooperation pursuing ransomware operators
In this case, the FBI was the U.S. agency involved, but federal law enforcement is building international cybercrime investigation units around the globe.
At a recent SecureWorld cybersecurity conference, Assistant Director of the United States Secret Service, Jeremy Sheridan, explained what his agency is doing:
"Without partnerships overseas that we are developing and continue to strengthen, we won't be effective in this space. Fortunately, we have cyber fraud task forces located throughout the globe, that we partner within their individual jurisdictions and geographic areas.
This includes foreign locations where we are embedded with Interpol, Europol, we've just recently stood up the cyber positions within Sydney, Australia, with the Australian Federal Police, as well as within London, in order to facilitate this information sharing, and hopefully start to connect more dots.
We're starting to put more dots out there to make these connections in order to build these cases and bring these individuals to justice."