Europol shutters ransomware operation with kingpin arrests The Register

International law enforcement investigators have made a number of high-profile arrests after tracking a major cybercrime group for more than four years. A joint investigation team, spearheaded by French authorities, formed in 2019 to bring down a ransomware group linked to major attacks across the world. Announcing the news today, Europol said that five individuals were arrested, including the 32-year-old leader of the group and four of its "Most active accomplices." A virtual command post was also established in Europol's Netherlands headquarters where data taken from the property raids was analyzed "Immediately." Europol said today in a press release that the arrests led to the "Dismantlement" of the group. The arrests follow 12 that were made in 2021, two years after the JIT was first assembled. Members of the same group were arrested in Ukraine and Switzerland, and key electronic devices were seized for forensic analysis, along with $52,000 in cash and five luxury vehicles. The seizure of the electronic devices and their subsequent analysis led to the identification of the key members arrested last week. Europol said "a number of operational sprints [had] been organized," heavily involving the Norwegian authorities over the past two years to analyze the devices. Asked why the arrests have come so long after the initial seizure, a spokesperson told The Register that it takes time to gather enough evidence to prosecute cybercriminals. "Whenever you do all the forensic work, you uncover other leads, but open up the investigation that feeds into other existing investigations. That's why we were only able to do the second round of actions now." Europol believes this didn't slow investigations down at all, but the operation had to be reorganized. The names of those arrested have not been released and the ransomware group itself doesn't behave like LockBit, AlphV/BlackCat or Rhysida. The cybercriminals were well-resourced and used multiple different strains to attack their targets. Europol said the group had attacked more than 250 servers belonging to organizations in 71 countries, netting the group hundreds of millions of euros in the process. The group isn't tracked with a moniker, as many repeat offenders are, but it is responsible for major historical attacks, perhaps most notably the ransomware incident at Norsk Hydro. The spokesperson said the arrested cybercriminals were not core members of any of the organizations behind the ransomware strains they used. Some were responsible for the actual intrusion into victims' systems, while others specialized in areas such as money laundering - a branch of ransomware operations that's also under close examination by global authorities. "Those responsible for breaking into networks did so through techniques including brute force attacks, SQL injections, and sending phishing emails with malicious attachments in order to steal usernames and passwords," Europol said. "Once inside the networks, the attackers remained undetected and gained additional access using tools including TrickBot malware, Cobalt Strike, and PowerShell Empire, in order to compromise as many systems as possible before triggering ransomware attacks." .

This Cyber News was published on www.theregister.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to Europol shutters ransomware operation with kingpin arrests The Register

Europol shutters ransomware operation with kingpin arrests The Register - International law enforcement investigators have made a number of high-profile arrests after tracking a major cybercrime group for more than four years. A joint investigation team, spearheaded by French authorities, formed in 2019 to bring down a ...
1 year ago Theregister.com
Law enforcement agencies arrest 4 alleged LockBit members | TechTarget - Authorities arrested four suspected members of the LockBit ransomware gang during the third phase of the international law enforcement effort dubbed Operation Cronos. Operation Cronos' efforts to disrupt the LockBit ransomware gang continue as ...
2 months ago Techtarget.com
The law enforcement operations targeting cybercrime in 2023 - In 2023, we saw numerous law enforcement operations targeting cybercrime operations, including cryptocurrency scams, phishing attacks, credential theft, malware development, and ransomware attacks. While some of these operations were more successful ...
11 months ago Bleepingcomputer.com
Law enforcement conducts 'largest ever' botnet takedown - In the latest high-profile law enforcement action against cybercrime, agencies disrupted several notorious botnets and malware droppers widely used in ransomware attacks. Europol on Thursday announced that an international law enforcement action, ...
6 months ago Techtarget.com
Police arrested four new individuals linked to the LockBit ransomware operation - “Europol supported a new series of actions against LockBit actors, which involved 12 countries and Eurojust and led to four arrests and seizures of servers critical for LockBit’s infrastructure.” reads the press release published by ...
2 months ago Securityaffairs.com
Ransomware hackers 'wreaking havoc' arrested in Ukraine - European cyber police have arrested a 32-year-old suspected of being the ringleader of a ransomware gang operating in Ukraine. In raids across the country authorities seized laptops and arrested four other alleged hackers. The gang are accused of ...
1 year ago Bbc.com
The Week in Ransomware - Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. The FBI revealed this week that they hacked the BlackCat/ALPHV ...
11 months ago Bleepingcomputer.com
FBI disrupts Blackcat ransomware operation, creates decryption tool - The Department of Justice announced today that the FBI successfully breached the ALPHV ransomware operation's servers to monitor their activities and obtain decryption keys. On December 7th, BleepingComputer first reported that the ALPHV, aka ...
1 year ago Bleepingcomputer.com
Waiting for the BlackCat rebrand - We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. While the Tor onion domain seizure was a ...
9 months ago Bleepingcomputer.com
The Week in Ransomware - Today's column brings you two weeks of information on the latest ransomware attacks and research after we skipped last week's article. BleepingComputer has learned that some of the BlackCat/ALPHV affiliates are not buying the explanation and have ...
1 year ago Bleepingcomputer.com
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
11 months ago Securityboulevard.com
The Week in Ransomware - An international law enforcement operation claims to have dismantled a ransomware affiliate operation in Ukraine, which was responsible for attacks on organizations in 71 countries. The threat actors are said to be affiliates of numerous ransomware ...
1 year ago Bleepingcomputer.com
Ragnar Locker ransomware developer arrested in France - Law enforcement agencies arrested a malware developer linked with the Ragnar Locker ransomware gang and seized the group's dark web sites in a joint international operation. Authorities from France, the Czech Republic, Germany, Italy, Latvia, the ...
1 year ago Bleepingcomputer.com
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
1 year ago Heimdalsecurity.com
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
11 months ago Feeds.fortinet.com
Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
11 months ago Unit42.paloaltonetworks.com
VX-Underground malware collective framed by Phobos ransomware - A new Phobos ransomware variant frames the popular VX-Underground malware-sharing collective, indicating the group is behind attacks using the encryptor. Phobos launched in 2018 in what is believed to be a ransomware-as-a-service derived from the ...
1 year ago Bleepingcomputer.com
RagnarLocker ransoms its last victim as cybercops seize site The Register - Law enforcement agencies have taken over RagnarLocker ransomware group's leak site in an internationally coordinated takedown. Among the agencies involved are Europol's European Cybercrime Centre, the US's Federal Bureau of Investigation, and ...
1 year ago Theregister.com
Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates - U.S. and U.K. authorities have seized the darknet websites run by LockBit, a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over $120 million in payments. Instead of listing data stolen from ...
10 months ago Krebsonsecurity.com
The Week in Ransomware - Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison. On Tuesday, the Australian, US, and UK governments announced sanctions against Aleksandr Gennadievich ...
10 months ago Bleepingcomputer.com
Europol Raises Alarm on Criminal Misuse of Bluetooth Trackers - Europol has issued a new warning regarding an emerging trend in organized crime involving the use of Bluetooth trackers. Originally designed to help individuals locate personal items and prevent vehicle theft, these small devices are being ...
1 year ago Infosecurity-magazine.com
Ransomware trends and recovery strategies companies should know - Ransomware attacks can have severe consequences, causing financial losses, reputational damage, and operational disruptions. The methods used to deliver ransomware vary, including phishing emails, malicious websites, and exploiting vulnerabilities in ...
1 year ago Helpnetsecurity.com
FBI: Royal ransomware asked 350 victims to pay $275 million - The FBI and CISA revealed in a joint advisory that the Royal ransomware gang has breached the networks of at least 350 organizations worldwide since September 2022. In an update to the original advisory published in March with additional information ...
1 year ago Bleepingcomputer.com
CVE-2013-0135 - Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) ...
7 years ago
Hubris May Have Contributed to Downfall of Ransomware Kingpin LockBit - For all its vaunted success, the LockBit ransomware operation appears to have already been beset by problems when an international law enforcement effort led by the UK's National Crime Agency shut it down this week. Though it's likely that the dozens ...
9 months ago Darkreading.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)