Actions against ransomware hackers continue to escalate. After the dismantling of REvil’s infrastructure last week and the arrest of two bigwigs earlier this month, law enforcement in eight countries, including France, struck again. On October 26, they arrested a dozen people in Ukraine and Switzerland, suspected of having launched ransomware attacks that claimed more than 1,800 victims in 71 countries, for damage estimated at more than 100 million euros, according to a spokesperson for the judicial police. Among these victims are critical infrastructures and large companies such as Norsk Hydro, a Danish company specializing in aluminum production.

The police were able to seize $52,000 in cash, five luxury cars and computer equipment. According to a Europol statement, the suspects were clearly affiliates of three ransomware services, namely Dharma, MegaCortex and LockerGoga. The latter is known to have infected the French company Altran in January 2019. It is not known whether the people arrested are the perpetrators of that attack, but it turns out that it was the French police who initiated this investigation, in September 2019.

Considered to be important players in the community, the twelve people arrested occupied different roles. Some took charge of penetrating the victim’s network, with techniques such as phishing, brute force or SQL injection. Others carried out lateral movement within the organization, with tools such as TrickBot, Cobalt Strike or PowerShell Empire. The hackers scanned their victims’ infrastructure meticulously, sometimes for months, in order to maximize the impact of the ransomware. The ransoms were always paid in bitcoin and laundered through specialized services capable of scrambling the origin of the cryptocurrency (“mixing services”).

Source: Europol, Norwegian police