Ransomware hackers 'wreaking havoc' arrested in Ukraine


30 properties were raided in Kyiv, Cherkasy, Rivne and Vinnytsia last week

European cyber police have arrested a 32-year-old suspected of being the ringleader of a ransomware gang operating in Ukraine.

In raids across the country authorities seized laptops and arrested four other alleged hackers.

The gang are accused of successfully extorting "several hundred millions of euros" from victims in 71 countries.

The arrests are the latest efforts by international police to control the rising problem of ransomware.

Ransomware is malicious computer software that locks up systems until a ransom is paid to a hacker, usually in cryptocurrency like Bitcoin.

Europol says officers searched 30 properties last week resulting in the arrests of the five Russian speakers.

Investigators have not said which nationality they were.

For years Russia has been accused of harbouring ransomware gangs and arrests are extremely rare in the country.

Ransomware operations are often run as a "software as a service" scheme, where hackers pay a percentage of profits to the leaders of gangs who develop the malicious software needed for attacks.

Hacker "affiliates" can carry out attacks anonymously from anywhere in the world. In the last few years arrests of affiliates have taken place in South Korea, Poland, Switzerland, Canada and increasingly in Ukraine.

The most recently arrested individuals are accused of using various types of ransomware as part of their attacks, including LockerGoga, MegaCortex, HIVE and Dharma ransomware.

Seized laptops suggest they scrambled data on more than 250 servers belonging to large corporations, causing huge disruption until the victims paid a ransom or rebuilt IT set-ups from back-ups.

Police say the suspects had different roles in this criminal organisation, with some of them involved in compromising the IT networks of their targets, while others were in charge of laundering cryptocurrency payments made by victims to restore their files.

Europol says these new suspects were identified after 12 others were arrested in 2021 in Ukraine and Switzerland.

A spokeswoman said more details would be released but that the operation to arrest more people is still ongoing.

Earlier this month the British Library revealed its IT systems were being held to ransom by cyber criminals preventing customers from accessing online services.

Last week the US Cyber Security and Infrastructure Agency (CISA) issued a warning of a fresh wave of ransomware attacks taking advantage of a widespread vulnerability in popular software.

The UK authorities say ransomware is the biggest cyber threat facing the country currently.
