Europol has recently suspected 12 threat actors from Switzerland and Ukraine for contributing to more than 1,800 ransomware incidents against critical infrastructure and large firms globally.
According to Europol, the 12 threat actors are considered high-value targets due to the attacks they have executed, including the distribution of Dharma, LockerGoga, MegaCortex, and more ransomware variations against companies from 71 nations.
Nonetheless, as per a Europol spokesperson, the judicial process is still in progress since the 12 threat actors have not yet been charged or arrested.
Furthermore, the suspects are assumed to have a variety of aggressive roles in executing ransomware attacks and extorting payment from the organisations in exchange for the decryption key. Some of them target victims’ IT networks, and the others are responsible for Bitcoin payment laundering.
The threat actors who break into organisations’ IT networks have performed SQL injections, brute force attacks, and phishing emails injected with malware to steal usernames and passwords. These threat actors have remained undetected despite getting access to the networks. They even acquired further access with the help of tools like the TrickBot malware, PowerShell Empire, and Cobalt Strike to attack as many systems as possible to induce ransomware attacks.
Europol’s operation has seized more than $52,000 in cash, five luxury cars, and computers used in the ransomware attacks. The computers will be examined by authorities to identify more leads involved in the cybercrimes.
Over 50 investigators from agencies worldwide have contributed to the operation, including some Europol specialists coordinated by the European Cybercrime Centre (EC3). The Europol specialists include France’s National Police and the Public Prosecutor’s Office of Paris, Ukraine’s National Police of Ukraine and Prosecutor General’s Office, the Dutch National Police and National Public Prosecution Service, Germany’s Police Headquarters Reutlingen, United States Federal Bureau of Investigations (FBI) and Secret Service, the United Kingdom’s National Crime Agency (NCA) and Police Scotland, and the Switzerland Federal Police and Polizei Basel-Landschaft.
According to a latest statement issued by the European Union Agency for Cybersecurity, they have warned that ransomware attacks are the largest and most prevalent cybercrime that the world is facing today. Organisations are advised to further their security measures to prevent being attacked and losing assets to pay ransom demands.
