Ukraine Gets Serious About Combatting Homegrown Cybercrime

Authors:
•  SCARS Editorial Team – Society of Citizens Against Relationship Scams Inc., and
•  EUROPOL

Dismantlement Of Ransomware Group In Ukraine Amidst Ongoing War – An International Collaboration Success

The Ukraine ransomware gang is behind high-profile attacks that created losses of hundreds of millions of euros

Table of contents

In an unprecedented effort, law enforcement and judicial authorities from seven countries have joined forces with Europol and Eurojust to dismantle and apprehend in Ukraine the key figures behind significant ransomware operations wreaking havoc across the world. The operation comes at a critical time, as the country grapples with the challenges of Russia’s military aggression against its territory.

Ransomware Shut Down

On 21 November, 30 properties were searched in the regions of Kyiv, Cherkasy, Rivne, and Vinnytsia in Ukraine, resulting in the arrest of the 32-year-old ringleader. Four of the ringleader’s most active accomplices were also detained.

More than 20 investigators from Norway, France, Germany, and the United States were deployed to Kyiv to assist the Ukrainian National Police with their investigative measures. This setup was mirrored from Europol’s headquarters in the Netherlands where a virtual command post was activated to immediately analyze the data seized during the house searches in Ukraine.

This latest action follows a first round of arrests in 2021 in the framework of the same investigation. Since then, a number of operational sprints have been organized at Europol and in Norway with the aim of forensically analyzing the devices seized in Ukraine in 2021. This forensic follow-up work facilitated the identification of the suspects targeted during the action last week in Kyiv.

Dangerous, Undetected and Versatile

The individuals under investigation are believed to be part of a network responsible for a series of high-profile ransomware attacks against organizations in 71 countries.

These cyber actors are known for specifically targeting large corporations, effectively bringing their businesses to a standstill. They deployed LockerGoga, MegaCortex, HIVE, and Dharma ransomware, among others, to carry out their attacks.

The suspects had different roles in this criminal organization

Some of them are thought to be involved in compromising the IT networks of their targets, while others are suspected of being in charge of laundering cryptocurrency payments made by victims to decrypt their files.

Those responsible for breaking into networks did so through techniques including brute force attacks, SQL injections, and sending phishing emails with malicious attachments in order to steal usernames and passwords.

Once inside the networks, the attackers remained undetected and gained additional access using tools including TrickBot malware, Cobalt Strike, and PowerShell Empire, in order to compromise as many systems as possible before triggering ransomware attacks.

The investigation determined that the perpetrators encrypted over 250 servers belonging to large corporations, resulting in losses exceeding several hundreds of millions of euros.

International Cooperation

Initiated by the French authorities, a joint investigation team (JIT) was set up in September 2019 between Norway, France, the United Kingdom, and Ukraine, with financial support from Eurojust and assistance from both Agencies. The partners in the JIT have since been working closely together, in parallel with the independent investigations of the Dutch, German, Swiss, and U.S. authorities, to locate the threat actors in Ukraine and bring them to justice.

This international cooperation has remained steadfast and uninterrupted, persisting even amid the challenges posed by the ongoing war in Ukraine.

A Ukrainian cyber police officer was initially seconded to Europol for two months to prepare for the first phase of the action, before being deployed to Europol permanently to facilitate law enforcement cooperation in this field.

From the onset of the investigation, Europol’s European Cybercrime Centre (EC3) hosted operational meetings, providing digital forensic, cryptocurrency and malware support, and facilitating the information exchange in the framework of the Joint Cybercrime Action Taskforce (J-CAT) hosted at Europol’s headquarters.

Eurojust hosted twelve coordination meetings to facilitate the communication and judicial cooperation between the authorities involved.

The forensic analysis carried out in the framework of this investigation also allowed the Swiss authorities to develop, together with the No More Ransom partners and Bitdefender, decryption tools for the LockerGoga and MegaCortex ransomware variants. These decryption tools have been made available for free on: www.nomoreransom.org.

Participating Authorities:

  • Norway: National Criminal Investigation Service (Kripos)
  • France: Public Prosecutor’s Office of Paris, National Police (Police Nationale – OCLCTIC)
  • Netherlands: National Police (Politie), National Public Prosecution Service (Landelijk Parket, Openbaar Ministerie)
  • Ukraine: Prosecutor General’s Office (Офіс Генерального прокурора), National Police of Ukraine (Національна поліція України)
  • Germany: Public Prosecutor’s Office of Stuttgart, Police Headquarters Reutlingen (Polizeipräsidium Reutlingen) CID Esslingen
  • Switzerland: Swiss Federal Office of Police (fedpol), Polizei Basel-Landschaft, Public Prosecutor’s Office of the Canton of Zurich, Zurich Cantonal Police
  • United States: United States Secret Service (USSS), Federal Bureau of Investigation (FBI)
  • Europol: European Cybercrime Centre (EC3)
  • Eurojust

The investigation benefited from funding from the European Multidisciplinary Platform Against Criminal Threats (EMPACT).

More:

SCARS Resources:

-/ 30 /-

What do you think about this?
Please share your thoughts in a comment below!

More ScamsNOW.com Articles

SCARS LINKS:   AgainstScams.org    RomanceScamsNOW.com    ContraEstafas.org    ScammerPhotos.com    Anyscam.com    ScamsNOW.com

reporting.AgainstScams.org    support.AgainstScams.org    membership.AgainstScams.org    donate.AgainstScams.org    shop.AgainstScams.org

youtube.AgainstScams.org    linkedin.AgainstScams.org    facebook.AgainstScams.org

PLEASE NOTE: Psychology Clarification

The following specific modalities within the practice of psychology are restricted to psychologists appropriately trained in the use of such modalities:

  • Diagnosis: The diagnosis of mental, emotional, or brain disorders and related behaviors.
  • Psychoanalysis: Psychoanalysis is a type of therapy that focuses on helping individuals to understand and resolve unconscious conflicts.
  • Hypnosis: Hypnosis is a state of trance in which individuals are more susceptible to suggestion. It can be used to treat a variety of conditions, including anxiety, depression, and pain.
  • Biofeedback: Biofeedback is a type of therapy that teaches individuals to control their bodily functions, such as heart rate and blood pressure. It can be used to treat a variety of conditions, including stress, anxiety, and pain.
  • Behavioral analysis: Behavioral analysis is a type of therapy that focuses on changing individuals’ behaviors. It is often used to treat conditions such as autism and ADHD.
    Neuropsychology: Neuropsychology is a type of psychology that focuses on the relationship between the brain and behavior. It is often used to assess and treat cognitive impairments caused by brain injuries or diseases.

SCARS and the members of the SCARS Team do not engage in any of the above modalities in relationship to scam victims. SCARS is not a mental healthcare provider and recognizes the importance of professionalism and separation between its work and that of the licensed practice of psychology.

SCARS is an educational provider of generalized self-help information that individuals can use for their own benefit to achieve their own goals related to emotional trauma. SCARS recommends that all scam victims see professional counselors or therapists to help them determine the suitability of any specific information or practices that may help them.

SCARS cannot diagnose or treat any individuals, nor can it state the effectiveness of any educational information that it may provide, regardless of its experience in interacting with traumatized scam victims over time. All information that SCARS provides is purely for general educational purposes to help scam victims become aware of and better understand the topics and to be able to dialog with their counselors or therapists.

It is important that all readers understand these distinctions and that they apply the information that SCARS may publish at their own risk, and should do so only after consulting a licensed psychologist or mental healthcare provider.

Opinions

The opinions of the author are not necessarily those of the Society of Citizens Against Rleationship Scams Inc. The author is solely responsible for the content of their work. SCARS is protected under the Communications Decency Act (CDA) section 230 from liability.

Disclaimer:

SCARS IS A DIGITAL PUBLISHER AND DOES NOT OFFER HEALTH OR MEDICAL ADVICE, LEGAL ADVICE, FINANCIAL ADVICE, OR SERVICES THAT SCARS IS NOT LICENSED OR REGISTERED TO PERFORM.

IF YOU’RE FACING A MEDICAL EMERGENCY, CALL YOUR LOCAL EMERGENCY SERVICES IMMEDIATELY, OR VISIT THE NEAREST EMERGENCY ROOM OR URGENT CARE CENTER. YOU SHOULD CONSULT YOUR HEALTHCARE PROVIDER BEFORE FOLLOWING ANY MEDICALLY RELATED INFORMATION PRESENTED ON OUR PAGES.

ALWAYS CONSULT A LICENSED ATTORNEY FOR ANY ADVICE REGARDING LEGAL MATTERS.

A LICENSED FINANCIAL OR TAX PROFESSIONAL SHOULD BE CONSULTED BEFORE ACTING ON ANY INFORMATION RELATING TO YOUR PERSONAL FINANCES OR TAX RELATED ISSUES AND INFORMATION.

SCARS IS NOT A PRIVATE INVESTIGATOR – WE DO NOT PROVIDE INVESTIGATIVE SERVICES FOR INDIVIDUALS OR BUSINESSES. ANY INVESTIGATIONS THAT SCARS MAY PERFORM IS NOT A SERVICE PROVIDED TO THIRD-PARTIES. INFORMATION REPORTED TO SCARS MAY BE FORWARDED TO LAW ENFORCEMENT AS SCARS SEE FIT AND APPROPRIATE.

This content and other material contained on the website, apps, newsletter, and products (“Content”), is general in nature and for informational purposes only and does not constitute medical, legal, or financial advice; the Content is not intended to be a substitute for licensed or regulated professional advice. Always consult your doctor or other qualified healthcare provider, lawyer, financial, or tax professional with any questions you may have regarding the educational information contained herein. SCARS makes no guarantees about the efficacy of information described on or in SCARS’ Content. The information contained is subject to change and is not intended to cover all possible situations or effects. SCARS does not recommend or endorse any specific professional or care provider, product, service, or other information that may be mentioned in SCARS’ websites, apps, and Content unless explicitly identified as such.

The disclaimers herein are provided on this page for ease of reference. These disclaimers supplement and are a part of SCARS’ website’s Terms of Use

Legal Notices: 

All original content is Copyright © 1991 – 2023 Society of Citizens Against Relationship Scams Inc. (Registered D.B.A SCARS) All Rights Reserved Worldwide & Webwide. Third-party copyrights acknowledge.

U.S. State of Florida Registration Nonprofit (Not for Profit) #N20000011978 [SCARS DBA Registered #G20000137918] – Learn more at www.AgainstScams.org

SCARS, SCARS|INTERNATIONAL, SCARS, SCARS|SUPPORT, SCARS, RSN, Romance Scams Now, SCARS|INTERNATION, SCARS|WORLDWIDE, SCARS|GLOBAL, SCARS, Society of Citizens Against Relationship Scams, Society of Citizens Against Romance Scams, SCARS|ANYSCAM, Project Anyscam, Anyscam, SCARS|GOFCH, GOFCH, SCARS|CHINA, SCARS|CDN, SCARS|UK, SCARS|LATINOAMERICA, SCARS|MEMBER, SCARS|VOLUNTEER, SCARS Cybercriminal Data Network, Cobalt Alert, Scam Victims Support Group, SCARS ANGELS, SCARS RANGERS, SCARS MARSHALLS, SCARS PARTNERS, are all trademarks of Society of Citizens Against Relationship Scams Inc., All Rights Reserved Worldwide

Contact the legal department for the Society of Citizens Against Relationship Scams Incorporated by email at legal@AgainstScams.org