These attacks are believed to have affected over 1 800 victims in 71 countries, writes Europol.
These cyber actors are known for specifically targeting large corporations, effectively bringing their business to a standstill.The actions took place in the early hours of 26 October in Ukraine and Switzerland. Most of these suspects are considered high-value targets because they are being investigated in multiple high-profile cases in different jurisdictions. As the result of the action day, over USD 52 000 in cash was seized, alongside 5 luxury vehicles.
A number of electronic devices are currently being forensically examined to secure evidence and identify new investigative leads. The targeted suspects all had different roles in these professional, highly organised criminal organisations. Some of these criminals were dealing with the penetration effort, using multiple mechanisms to compromise IT networks, including brute force attacks, SQL injections, stolen credentials and phishing emails with malicious attachments. The criminals would then lay undetected in the compromised systems, sometimes for months, probing for more weaknesses in the IT networks before moving on to monetising the infection by deploying a ransomware.
These cyber actors are known to have deployed LockerGoga, MegaCortex and Dharma ransomware, among others. The effects of the ransomware attacks were devastating as the criminals had had the time to explore the IT networks undetected. A ransom note was then presented to the victim, which demanded the victim pay the attackers in Bitcoin in exchange for decryption keys. Initiated by the French authorities, a joint investigation team (JIT) was set up in September 2019 between Norway, France, the United Kingdom and Ukraine with financial support of Eurojust and assistance of both Agencies.
The partners in the JIT have since been working closely together, in parallel with the independent investigations of the Dutch and U.S. authorities, to uncover the actual magnitude and complexity of the criminal activities of these cyber actors to establish a joint strategy.Eurojust established a coordination centre to facilitate cross-border judicial cooperation during the action day.
In preparation of this, seven coordination meetings were held. More than 50 foreign investigators, including six Europol specialists, were deployed to Ukraine for the action day to assist the National Police with conducting jointly investigative measures. A Ukrainian cyber police officer was also seconded to Europol for two months to prepare for the action day. .
Suche nach Stichworten: