Saturday, February 22, 2025
HomeCyber Security NewsHackers Behind High-Profile Ransomware Attacks on 71 Countries Arrested

Hackers Behind High-Profile Ransomware Attacks on 71 Countries Arrested

Published on

SIEM as a Service

Follow Us on Google News

Hackers launched ransomware attacks to extort money from the following two entities by encrypting their data and demanding a ransom payment for its release:-

  • Individuals
  • Organizations  

Here, cryptocurrency payments’ financial motivation and relative anonymity make them an attractive method for hackers.

Recently, with the help of international collaboration, law enforcement agencies successfully arrested the hackers behind high-profile ransomware attacks on 71 countries.

Document
Free Webinar

Live API Attack Simulation Webinar

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked. The session will cover: an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Hackers Arrested

Amid Russia’s military aggression, the following law enforcement agencies united to dismantle the Ukraine-based ransomware operations:-

  • Global law enforcement
  • Europol
  • Eurojust
Law enforcement agencies (Source - Europol)
Law enforcement agencies (Source – Europol)

Joint global effort arrests ransomware ringleader in Kyiv, and the Europol-led operation with international investigators from the following countries to assist Ukrainian police:-

  • Norway
  • France
  • Germany
  • The US

The virtual command post of Europol in the Netherlands analyzes seized data, follows up on 2021 arrests, and identifies suspects in the latest Kyiv action.

Roles & TTPs

Here below, we have mentioned all the varied roles:-

  • Network compromise
  • Crypto payment laundering

Here below, we have mentioned all the techniques that the threat actors use:-

Besides this, security analysts managed to discover that threat actors have encrypted more than 250 servers and also observed notable significant losses surpassing hundreds of millions of euros.

Ransomware used

The suspected network behind global ransomware attacks targeted large corporations in 71 countries using the following ransomware:-

  • LockerGoga
  • MegaCortex
  • HIVE
  • Dharma

A joint investigation team formed by France, Norway, the UK, and Ukraine, backed by Eurojust. Europol’s EC3 facilitates cybercrime action; forensic analysis aids decryption tools for LockerGoga and MegaCortex ransomware.

Participating Agencies

Here below, we have mentioned all the law enforcement agencies that have participated:- 

  • Norway: National Criminal Investigation Service
  • France: Public Prosecutor’s Office of Paris, National Police
  • Netherlands: National Police, National Public Prosecution Service
  • Ukraine: Prosecutor General’s Office, National Police of Ukraine
  • Germany: Public Prosecutor’s Office of Stuttgart, Police Headquarters Reutlingen CID Esslingen
  • Switzerland: Swiss Federal Office of Police, Polizei Basel-Landschaft, Public Prosecutor’s Office of the canton of Zurich, Zurich Cantonal Police
  • United States: United States Secret Service (USSS), Federal Bureau of Investigation (FBI) 
  • Europol: European Cybercrime Centre (EC3)
  • Eurojust

Experience how StorageGuard eliminates the security blind spots in your storage systems by trying a 14-day free trial.

Tushar Subhra
Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

SPAWNCHIMERA Malware Exploits Ivanti Buffer Overflow Vulnerability by Applying a Critical Fix

In a recent development, the SPAWNCHIMERA malware family has been identified exploiting the buffer...

Sitevision Auto-Generated Password Vulnerability Lets Hackers Steal Signing Key

A significant vulnerability in Sitevision CMS, versions 10.3.1 and earlier, has been identified, allowing...

NSA Allegedly Hacked Northwestern Polytechnical University, China Claims

Chinese cybersecurity entities have accused the U.S. National Security Agency (NSA) of orchestrating a...

ACRStealer Malware Abuses Google Docs as C2 to Steal Login Credentials

The ACRStealer malware, an infostealer disguised as illegal software such as cracks and keygens,...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

SPAWNCHIMERA Malware Exploits Ivanti Buffer Overflow Vulnerability by Applying a Critical Fix

In a recent development, the SPAWNCHIMERA malware family has been identified exploiting the buffer...

Sitevision Auto-Generated Password Vulnerability Lets Hackers Steal Signing Key

A significant vulnerability in Sitevision CMS, versions 10.3.1 and earlier, has been identified, allowing...

NSA Allegedly Hacked Northwestern Polytechnical University, China Claims

Chinese cybersecurity entities have accused the U.S. National Security Agency (NSA) of orchestrating a...