12 hackers arrested in Europe
According to security groups Kaspersky and Emsisoft, 2020 saw approximately 65,000 successful ransomware attacks worldwide. As part of a joint operation, Europol has recently arrested 12 of the contributors to this total.
After much coordination by the agency and involvement with other authorities in Europe and the US, the suspects were apprehended in the Ukraine and Switzerland. Eurojust, another EU law enforcement agency, assisted in the operation. Cash and electronic devices were among the items seized, which, considering the group’s suspected role in organized cybercrime, investigators hope can open up new leads.
Most of the 12 hackers “are considered high-value targets because they are being investigated in multiple high-profile cases in different jurisdictions,” says Europol. Ransomware strains such as LockerGoga and Dharma are believed to be their handiwork. Through their initial attacks, including SQL injection, stolen credentials and phishing campaigns, the hackers were able to gain access to networks of over 1,800 entities in 71 countries. Once inside, they could focus on further compromise of the system. Months of thorough investigation and stealth would eventually result in the ransomware’s deployment, by which time it was too late and the monetization was underway.
Europol states that “A ransom note was then presented to the victim, which demanded the victim pay the attackers in Bitcoin in exchange for decryption keys.” All of these factors point to common tactics used in ransomware schemes, only on a much larger scale here. Aside from causing business disruption, the hackers also targeted critical infrastructure
This incident in particular, moreover, shows how far security regulators have come on international cooperation. For eight different countries to coordinate this effort displays a surprising level of integration for the EU at the data security level. It also shows, perhaps, how much further we have to go on safeguarding data ourselves, since the intruders were allowed to remain undetected for months within networks while they made further plans. Personal data is already vulnerable enough without allowing intruders freedom of movement for such an extended duration. Hopefully this investigation will uncover other bad actors before they can strike next.