Ransomware: Europol announced last Friday (29) the arrest of 12 people suspected of belonging to cybercrime organizations responsible for attacks in 71 countries. Malicious campaigns led by these groups may have affected more than 1,800 victims since 2019, mainly large corporations.
In an operation involving authorities from eight countries, including the UK and the US, suspects were detained in Ukraine and Switzerland. The European police organization also reported having seized $52,000 in cash during the action, as well as five luxury cars and electronic devices.
According to Europol, each of the detainees had different roles in the cybercriminal groups in which they participated. While some were responsible for invading IT networks, using phishing emails, stolen credentials and other techniques, the rest were deploying malware on the system.
There are also some responsible for laundering the payment of ransoms for files encrypted by organizations. They used bitcoin mixing services before distributing the illicit earnings, as a way to make it harder to track digital money.
Individuals arrested in this operation were known to use various ransomware families such as MegaCortex, LockerGoga and Dharma, in addition to Trickbot malware and post-exploitation tools. With such features, they could spend up to months infiltrating networks, without any detection.
One of the biggest cyberattacks carried out by these groups targeted Norwegian aluminum and renewable energy company Norsk Hydro. During the campaign, in 2019, the company had to stop production at its factories on two continents for almost a week, with an estimated loss of US$ 50 million.
An estimate of how much the organizations have profited from the attacks carried out in recent years has not been provided, but Europol is expected to release new details after the investigation of the seized equipment.