Ukrainian authorities arrested several suspected ransomware gang affiliates accused of targeting more than 50 companies in Europe and the U.S.
The joint operation involved the National Police of Ukraine and its Cyber Police department, along with law enforcement officers from Great Britain and the U.S., and resulted in the arrests of five threat actors. That included the alleged leader — a 36-year-old Kyiv resident — and his wife. They are facing multiple accusations including the theft of more than $1 million and aiding in the illegal activities of foreign hackers by altering IP addresses.
The Cyber Police provided further details on the ongoing investigation in a statement on its website Thursday.
Law enforcement conducted nine raids during the coordinated effort, seizing computer equipment, mobile phones, bank cards, flash drives and three cars, according to the statement.
The suspects allegedly carried out the attacks through phishing emails that contained ransomware, and then encrypted victims’ data. Police said three suspects received ransom payments in cryptocurrency, which is common in such extortion attacks, in exchange for restoring victims’ data access.
The statement also noted that one of the defendants was wanted by law enforcement outside Ukraine. That defendant is accused of deploying ransomware to “obtain bank card details of customers in British banks.”
“At the expense of victims, the attacker bought various goods in online stores and later resold them,” the statement said.
Law enforcement operations and arrests related to cybersecurity have increased recently, and many have involved Ukraine. In January 2021, a coordinated operation by Europol and Eurojust resulted in the takedown of the infamous Emotet malware. Authorities revealed that two suspects were from Ukraine.
In July, Ukrainian police arrested six alleged members of the high-profile Clop ransomware gang, known for the double extortion attack against Software AG. Then in October, authorities arrested two suspected members of an unnamed ransomware gang and froze $1.3 million in cryptocurrency assets.
In the most recent arrests, authorities did not identify the type of ransomware the suspects were involved with, and it is unclear if the investigation is connected to any previous raids. The Cyber Police did not respond to a request for comment.