UPDATED 20:11 EST / OCTOBER 04 2021


Prolific ransomware gang operators arrested in Ukraine

Police in Ukraine have arrested two members of a “prolific” ransomware gang as part of a joint operation among international law enforcement agencies.

The arrests occurred on Sept. 28 following a joint investigation involving the French National Gendarmerie, the Ukrainian National Police, the U.S. Federal Bureau of Investigation, the International Criminal Police Organization and the European Union Agency for Law Enforcement.

Interpol did not name the ransomware gang in a statement today. But it’s suspected of a string of targeted attacks against large industrial groups in Europe and North America from April 2020. The gang would deploy malware and steal sensitive data from its victims before encrypting their files.

Whichever ransomware gang the two arrested are linked to, it appears to be a so-called double-extortion gang. Interpol noted that the gang offered a decryption key in exchange for a ransom payment, usually several million dollars, and would threaten to release the stolen data if its demands were not met.

Ukraine Police provided further details, saying that one of the suspects, a 25-year-old, was responsible for attacks on more than 100 companies worldwide, causing $150 million in damage. Along with the arrests, Ukraine police seized $375,000 in cash and two luxury vehicles, and froze cryptocurrency valued at $1.3 million.

Some speculate that the two arrested may be linked to the REvil ransomware gang. Interpol’s noting that the gang started in April 2020 ties into the REvil ransomware attack on celebrity law firm Grubman Shire Meiselas & Sacks. That attack was first reported in May 2020 but occurred in April.

“Although Europol declined to provide details on the affiliation of the two suspects, they stated that the individuals had worked for a ransomware group that had targeted corporations in Europe and North America since April 2020,” Stefano De Blasi, cyber threat intelligence analyst at digital risk protection firm Digital Shadows Ltd., told SiliconANGLE. “The group were also reportedly known for their exorbitant ransom demands, which ranged from 5 million to 70 million euros.”

The 70 million euros figure is notable. That could be the REvil attack on Kaseya Ltd. in July, although it was reported at the time that the ransom demanded was $70 million, not 70 million euros. That said, ransom demands of that size are extraordinarily rare, making it more likely that the two arrested were linked to REvil.

“While solitary operations will not provide a remediation to the ransomware threat overnight, law enforcement operations can have a significant impact to targeted ransomware groups, often resulting in a suspension or disruption of their activity,” De Blasi added. “These raids can achieve their greatest potential when paired with diplomatic efforts, innovative policies and effective public-private partnerships.”

Photo: Ukraine Police
