Ukrainian police authorities have nabbed five members of a gang
that’s believed to have helped orchestrate attacks against more
than 50 companies across Europe and the U.S. and caused losses to
the tune of more than $1 million.
The special operation[1], which was carried out
with assistance from law enforcement officials from the U.K. and
U.S., saw the arrest of an unnamed 36-year-old individual from the
capital city of Kyiv, along with his wife and three other
accomplices.
A total of nine searches across the suspects’ homes were carried
out, resulting in the seizure of computer equipment, mobile phones,
bank cards, flash drives, three cars, and other items with evidence
of illegal activity.
The Cyber Police of the National Police of Ukraine said the
group offered a “hacker service” that enabled financially motivated
crime syndicates to send phishing emails containing file-encrypting
malware to lock confidential data pertaining to its victims,
demanding that the targets pay cryptocurrency ransoms in return for
restoring access to the files.
However, it’s not immediately clear what ransomware strain the
perpetrators used to encrypt data on victim computers.
Besides ransomware attacks on foreign companies, the hacking
cartel also provided IP-address spoofing services to transnational
cybercrime actors, who unlawfully used the platform to break into
systems belonging to government and commercial entities to collect
sensitive information and carry out DDoS attacks[2]
to paralyze the networks.
“To launder criminal proceeds, the offenders conducted complex
financial transactions using a number of online services, including
those banned in Ukraine,” Ukraine’s Secret Service (SSU) said[3]. “At the last stage of
converting assets into cash, they transferred funds to payment
cards of an extensive network of fictitious persons.”
The development is the latest in a string of law enforcement
actions undertaken by Ukraine over the past year to tackle the
menace of ransomware that’s crippled organizations and critical
infrastructure alike.
Last month, authorities apprehended[4]
51 people in connection with illegally possessing about 100
databases containing personal information of more than 300 million
citizens of Ukraine, Europe, and the U.S.
Prior to that, the National Police of Ukraine was also involved
in the arrest of ransomware affiliates[5]
associated with Egregor, Cl0p[6], LockerGoga, MegaCortex, and
Dharma[7] families as well as
individuals who were found operating a DDoS botnet[8]
and a phishing service called U-Admin[9].
Then in October 2021, the SSU partnered with U.S.
intelligence agencies to detain several members of a money laundering operation[10] that engaged with
various hacking groups who carried out cyber theft activities and
wanted to convert the stolen virtual funds into cash.
A month later, the cyber department also dismantled a
five-member hacking group dubbed Phoenix[11] that specialized in
remote hacking of mobile devices for over two years with the goal
of stealing personal data, which was then sold to other
third parties for an average cost of $200 per account.
References
1. special operation (cyberpolice.gov.ua)
2. DDoS attacks (en.wikipedia.org)
3. said (ssu.gov.ua)
4. apprehended (thehackernews.com)
5. ransomware affiliates (thehackernews.com)
6. Egregor, Cl0p (thehackernews.com)
7. LockerGoga, MegaCortex, and Dharma (thehackernews.com)
8. DDoS botnet (thehackernews.com)
9. U-Admin (thehackernews.com)
10. money laundering operation (ssu.gov.ua)
11. Phoenix (ssu.gov.ua)
Read more https://thehackernews.com/2022/01/husband-wife-arrested-in-ukraine-for.html