International coalition arrests ‘prolific’ hackers involved in ransomware attacks

An international coalition of American, French, Ukrainian and European Union (EU) law enforcement authorities coordinated on the arrest last week of two individuals and the seizure of millions of dollars in profit allegedly involved with a spree of damaging ransomware attacks. 

Europol, the EU’s law enforcement agency, on Monday announced the arrests on Tuesday in Ukraine of the unnamed individuals alleged to have been behind ransomware attacks that extorted between 5 million to 70 million euros.

Authorities say the two began carrying out a series of “prolific” ransomware attacks in April 2020 against industrial groups in both Europe and North America, encrypting files and threatening to release stolen data online if the victims did not pay the ransoms demanded. 

In addition to the arrests, authorities carried out seven property searches that resulted in the seizure of $375,000 in cash, two six-figure luxury vehicles and the freezing of $1.3 million in cryptocurrencies.

Europol coordinated the operations, with agencies involved including the FBI’s Atlanta Field Office, the French National Cybercrime Centre of the National Gendarmerie, the Cyber Police Department of the National Police of Ukraine and Interpol’s Cyber Fusion Centre.

The arrests came in the wake of months of escalating ransomware attacks that have garnered unprecedented attention from both U.S. officials and those in nations around the world. 

Among the ransomware attacks were prominent ones on Colonial Pipeline, meat producer JBS USA and IT company Kaseya in the U.S., along with an increasing number of hospitals and schools more likely to pay ransoms. Both Colonial Pipeline and JBS chose to pay the hackers to get their systems up and running, though the Justice Department was able to recover the majority of the $4.4 million in cryptocurrency paid by Colonial. 

The Justice Department convened a task force in April to help tackle ransomware threats, while President Biden urged Russian President Vladimir Putin to take action against Russian-based cybercriminals who have increasingly been linked to the attacks. 

Last week, Biden announced that the U.S. would this month convene 30 countries in an effort to combat cybercrime, coordinate cyber law enforcement activities and address cryptocurrency concerns involved in attacks. The meeting will take place during the October Cybersecurity Awareness Month, further putting the spotlight on threats. 

“I am committed to strengthening our cybersecurity by hardening our critical infrastructure against cyberattacks, disrupting ransomware networks, working to establish and promote clear rules of the road for all nations in cyberspace, and making clear we will hold accountable those that threaten our security,” Biden said in a statement last week.