Police say they have arrested two men in connection with a “prominent” ransomware gang that has attacked droves of large companies throughout Europe and North America.
The men were taken into custody in Ukraine on Sept. 28, as part of a joint operation between French cyber police, the FBI, and the Ukrainian national police, with support from Europol and Interpol. As part of the operation, police raided seven different properties, where they seized $375,000 in cash, as well as “two luxury vehicles” collectively worth €217,000. Video taken from one of the raids shows Ukrainian police seizing computer equipment, stacks of cash, and multiple phones at an undisclosed apartment complex. $1.3 million in related cryptocurrencies has also been frozen, authorities said.
The two arrestees have not been publicly identified, though authorities say they are “prolific ransomware operators” connected to a gang that has conducted “targeted attacks” on more than 100 different companies. Those attacks, which reportedly affected “large industrial groups” in North America and Europe, have caused damages upwards of $150 million, according to Ukrainian police.
Police said the operators would extort companies for notably large sums, ranging from €5 to €70 million. “They would then proceed to offer a decryption key in return for a ransom payment of several millions of euros, threatening to leak the stolen data on the dark web should their demands not be met,” Europol said in its press release.
This year has seen a number of prominent ransomware-related arrests. In January, the Justice Department announced a coordinated international effort to effectively smash the Netwalker crime syndicate, a large ransomware operation that, throughout 2020, extorted tens of millions of dollars from companies throughout the world. Then, in March, three alleged members of the Egregor gang were also apprehended in Ukraine, followed not long afterwards by the arrest of several members of CL0P—a prominent new gang that had targeted droves of companies throughout the first part of this year.
However, while police may experience such occasional successes, ransomware gangs also have a habit of being resilient and bouncing back. Case in point, only about a week after the CL0P arrests, the gang was apparently back in business and hacking new victims.
The U.S. and other nations are currently discussing new strategies to further disrupt the ransomware industry. Later this month, the Biden administration plans to convene a meeting of officials from 30 different countries, as a way to better coordinate efforts to disrupt international cybercrime.