Ukrainian police officers have arrested a ransomware-affiliated group responsible for attacking at least 50 companies in the United States and Europe.
The total losses resulting from the attacks are estimated to exceed one million US dollars.
A 36-year-old resident of Kiev, the capital of Ukraine, has been identified as the leader of the group, which included his wife and three other acquaintances, according to police.
It is not known what strain of ransomware the gang used to encrypt data on victims’ computers, but they delivered the malware via spam emails.
Three gang members received the ransoms, which the victims paid in cryptocurrency. In exchange, they provided the decryption tool to restore the data, the Ukrainian police say in an announcement today.
“According to preliminary data, more than 50 companies were affected by the attacks, the total amount of damage reached more than one million US dollars,” added the police.
To launder the funds received as ransoms, the attackers carried out complex financial transactions using online payment services banned in Ukraine, circulating them through a vast network of fictitious identities.
Besides the ransomware activity, the actors also ran VPN-like services that allowed other cybercriminals to carry out illegal activities ranging from downloading malware to hacking.
The investigation revealed that these services were used to compromise systems owned by government and commercial organizations in order to steal sensitive data, deploy ransomware or launch distributed denial of service (DDoS) attacks.
One of the defendants was also stealing UK citizens’ card data to purchase items from online stores and then resell them online. This process is a simple way to convert funds from stolen cards into cash.
Police searched the homes and cars of nine suspects and confiscated computer equipment, bank cards and USB drives that investigators will examine for additional evidence that could lead to further arrests.
The suspects face criminal charges relating to money laundering, interference with computers and networks, and the creation, use, distribution and sale of malware.
These arrests are the result of a joint effort by law enforcement officials in the UK, US and Ukraine.
Law enforcement crackdown
The Ukrainian Police Cybercrime Unit has been very active in recent months, arresting ransomware actors, fraudsters, botnet operators and phishing actors.
Specifically, the SSU recently arrested the following actors: