Europol arrested 12 hackers responsible for 1,800 ransomware attacks

Europol announced that it has arrested 12 hackers associated with more than 1,800 ransomware attacks in 71 countries around the world. The suspects were reportedly the operators of the LockerGoga, MegaCortex and Dharma ransomware.

The arrests took place early this week, October 26, in Ukraine and Switzerland. In simultaneous raids, police seized five luxury vehicles, electronic devices and $ 52,000 in cash. Law enforcement agencies of Norway, France, Great Britain, Germany, the Netherlands and the USA also took part in the investigation.

According to Europol, 12 suspects were part of a professional criminal group and attacked large companies using ransomware since 2019.

Having penetrated the network of the target organization, the hackers took their time and spent many months looking for weak points in order to advance further and expand their access. The group has deployed malware such as TrickBot on victims’ networks, and also used post-exploitation frameworks, including Cobalt Strike and PowerShell Empire.

It seems that the hackers were partners of several RaaS platforms (Ransomware-as-a-Service) at once, since they later used various ransomware families in their attacks, including LockerGoga, MegaCortex and Dharma.

In addition, Europol reports that some of those arrested did not engage in burglaries, but helped the group launder ransoms from victims.

According to a Norwegian police press release, the 12 suspects were linked to the notorious March 2019 attack on Norwegian aluminum company Norsk Hydro. Let me remind you that because of this incident, the work of the company on two continents was stopped, and production was idle for almost a week.

Let me remind you that we talked about that Law enforcement arrested 150 darknet sellers, as well as that 33 BEC Black Ax fraudsters that stole more than $ 17 million arrested in the US.