12 high-profile ransomware hackers targeted

On October 26th the action day against ransomware took place. Joint forces conducted operations in Ukraine and Switzerland. Specialists consider suspects high-value targets because of their involvement in other high-profile cases in various jurisdictions. As a result of the operation joint forces seized over USD 52 000 in cash, also 5 luxury cars. In addition, forensic specialists currently assess the electronic devices for the evidence and new investigative leads.

Suspects targeted large enterprises with ransomware

According to the Europol press release suspects activities affected over 1 800 victims in 71 countries. They specifically targeted large enterprises bringing them to prolonged standstills. Each of the suspects had specifically assigned job. Some conducted penetration efforts, while others deployed malware such as Trickbot. As the next step criminals would lay undetected even for months to probe the network for weakness. Only after that they would start the process of deploying ransomware. The known cases of their activity include MegaCortex, Dharma and LockerGoga.

“More than 50 foreign investigators, including six Europol specialists, were deployed to Ukraine for the action day to assist the National Police with conducting jointly investigative measures. A Ukrainian cyber police officer was also seconded to Europol for two months to prepare for the action day,” goes in Europol`s press release.

French authorities initiated the operation assisted in this by Europol and Eurojust. Together they set up a joint investigation team (JIT) that included France, Norway, United Kingdom and Ukraine. The investigation started in November 2019. The U.S and Dutch authorities conducted their own investigation. Europol and Eurojust assisted in all this by creating coordination centers for facilitating law enforcement forces. The jurisdictions of all countries-participants worked in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT).

The Norsk Hydro attack

In a separate press release Norway’s National Criminal Investigation Service (Kripos) confirmed that targeted suspects conducted a two years ago attack on the Norsk Hydro. The metals maker company suffered a ransomware attack in 2019 refusing to pay the demanded money. Losses amounted to tens of millions of dollars as parts of the production were stopped. Others did not name businesses involved in suspects` activities.

The FBI’s Internet Crime Complaint Center (IC3) that provides information on cyber crime incidents reported the following statistics. In 2020 they received 791,790 complaints for all types of internet crime. The losses exceeded $4.1 billion. The number of ransomware incidents constituted 2,474 incidents reported in 2020. And it presents an increase by 20 percent in the number of incidents. The demands rose to a 225 percent increase. From January to July 31, 2021, the IC3 has received 2,084 ransomware complaints with more than $16.8M in losses.