Europol Captures 12 Behind Ransomware Attacks on 1,800 Victims

The struggle in opposition to ransomware assaults continues, this time on the opposite facet of the Atlantic. Following a two-year investigation, Europol introduced this week that it had captured 12 people in numerous prison organizations who had been “wreaking havoc across the world” by launching ransomware assaults on crucial infrastructure.

According to Europol, the suspects are believed to have carried out assaults affecting greater than 1,800 victims in 71 international locations. The group is thought for concentrating on giant companies and is suspected to have been behind an assault on Norsk Hydro—a worldwide aluminum manufacturer based mostly in Norway—in 2019, which compelled it to cease manufacturing throughout its factories in two continents. The assault paralyzed Norsk Hydro for nearly every week and price the corporate greater than $50 million.

Europol seized greater than $52,000 in money from the suspects in addition to 5 luxurious automobiles. The company is presently performing a forensic evaluation on the group’s digital units to “secure evidence and identify new investigative leads.”

The worldwide sting was coordinated by Europol and Eurojust, the European Union’s company for prison justice cooperation, and included authorities from eight completely different international locations, together with the U.S. and the UK. It occurred in Ukraine and Switzerland on Oct.26, Europol stated in a news announcement.

It’s not clear whether or not the suspects in query have been arrested or charged, with Europol solely saying they had been “targeted.”

“Most of these suspects are considered high-value targets because they are being investigated in multiple high-profile cases in different jurisdictions,” the company stated.

Each of the cybercriminals had completely different roles within the prison organizations. Some had been in control of penetrating the victims’ IT networks and did so utilizing numerous means, together with brute drive assaults, SQL injections, stolen credentials, and phishing emails with malicious attachments.

Others set to work as soon as their buddies had accessed victims’ IT networks. After the very fact, they might deploy malware, reminiscent of Trickbot, and different instruments to assist them keep underneath the radar and acquire additional entry, Europol defined.

“The criminals would then lay undetected in the compromised systems, sometimes for months, probing for more weaknesses in the IT networks before moving on to monetising the infection by deploying a ransomware,” Europol stated, including: “The effects of the ransomware attacks were devastating as the criminals had had the time to explore the IT networks undetected.”

The story then takes a flip and turns into one nearly all of us are sadly acquainted with: The attackers encrypted the victims’ information after which despatched a ransom observe demanding a cost in bitcoin in alternate for the decryption keys. If the ransom was paid, some suspects had been reportedly in control of laundering the funds via mixing companies and cashing out.

Europol didn’t go into element concerning the identification of the group’s victims or why they could have been focused. Back throughout the pond, ransomware assaults have additionally been on the rise, with cybercriminals launching assaults in opposition to main IT companies and crippling infrastructure.