Law enforcement authorities managed to seize millions in cryptocurrency and luxury vehicles owned by the ransomware gang.
In an internationally coordinated operation, law enforcement authorities in Europe have arrested two suspects in Ukraine accused of running a ransomware gang that was behind large-scale attacks on more than 100 companies around the world.
The arrests were made on September 28th in an operation that involved Europol, INTERPOL, the Ukrainian National Police, the French National Gendarmerie (Gendarmerie Nationale), and the United States Federal Bureau of Investigation (FBI).
Like other ransomware gangs, the suspects' modus operandi involved targeting businesses with malware, stealing sensitive data, and encrypting their files. The duo demanded ransoms of between €5 and €70 million, and their victims, targeted from April 2020 onwards, included large industrial groups in North America and Europe.
If a victim paid the ransom, the group would provide a decryption key to restore access to the data. If their demands were not met, the ransomware operators would threaten to leak the stolen data on the dark web and hacking forums.
According to Europol’s press release, authorities searched seven properties and seized cash worth US$375,000 (€323,000 – £275,300) and two luxury vehicles worth €217,000 ($251,725 – £184,000). Additionally, authorities managed to freeze $1.3 million in different cryptocurrencies.
Ukrainian police also issued a press release stating that:
"In total, the hacker attacked more than 100 foreign companies in North America and Europe. Among the victims are world-famous energy and tourism companies, as well as equipment developers. The damage caused to the victims reaches $150 million."
Although the identity of the ransomware gang has not been revealed yet, it is worth noting that in June 2021, Ukrainian authorities targeted the Cl0p ransomware gang, shut down the infrastructure used to spread the virus, and blocked channels used to legalize ransom payments in cryptocurrencies.