DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Two members of ransomware gang arrested in Ukraine with Europol’s support

Posted on October 4, 2021 by Dissent

On 28 September, a coordinated strike between the French National Gendarmerie (Gendarmerie Nationale), the Ukrainian National Police (Національна поліція України) and the United States Federal Bureau of Investigation (FBI), with the coordination of Europol and INTERPOL, has led to the arrest in Ukraine of two prolific ransomware operators known for their extortionate ransom demands (between €5 to €70 million).

Results of the action day

  • 2 arrests and 7 property searches
  • Seizure of US$ 375,000 in cash
  • Seizure of two luxury vehicles worth €217,000
  • Asset freezing of $1.3 million in cryptocurrencies

The organised crime group is suspected of having committed a string of targeted attacks against very large industrial groups in Europe and North America from April 2020 onwards. The criminals would deploy malware and steal sensitive data from these companies, before encrypting their files.

They would then proceed to offer a decryption key in return for a ransom payment of several millions of euros, threatening to leak the stolen data on the dark web should their demands not be met.

Close cooperation between the involved law enforcement authorities, supported by Europol’s Joint Cybercrime Action Taskforce (J-CAT), led to the identification in Ukraine of these two individuals.

Six investigators from the French Gendarmerie, four from the US FBI, a prosecutor from the French Prosecution Office of Paris, two specialists from Europol’s European Cybercrime Centre (EC3) and one INTERPOL officer were deployed to Ukraine to jointly conduct investigative measures with the National Police.

Europol supported the investigation from the onset, bringing together all the involved countries to establish a joint strategy. Its cybercrime specialists organised 12 coordination meetings to prepare for the action day, alongside providing analytical, malware, forensic and crypto-tracing support. A virtual command post was set up by Europol to ensure seamless coordination between all the authorities involved.

The following law enforcement authorities took part in this investigation:

  • France: National Cybercrime Centre of the National Gendarmerie (C3N)
  • Ukraine: Cyber Police Department of the National Police of Ukraine
  • United States: Atlanta Field Office of the Federal Bureau of Investigation
  • Europol: European Cybercrime Centre (EC3)
  • INTERPOL : Cyber Fusion Centre

This operation was carried out in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT).

Source:  EUROPOL

In related news, the Ukrainian CyberPolice revealed that one of those arrested is a 25 year-old man believed to have been involved in more than 100 attacks on Northern European and American entities.  In their press release, the Ukrainian authorities stated that among the victims are world-famous energy and tourism companies, as well as equipment developers.

In an email to DataBreaches.net, the Ukrainian cyberpolice declined to provide any more details so as not to prejudice the ongoing investigation.

Updated at 9:14 am to include response from Ukrainian cyberpolice.

Category: MalwareOf Note

Post navigation

← Threat actors sometimes name the wrong victims — so why are you just repeating their claims?
Hackers May Have Had Access to Billions of Texts for Years, Global Telecom Company Admit →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Ransomware group Gunra claims to have exfiltrated 450 million patient records from American Hospital Dubai.
  • North Shore University Sleep Disorders Center employee charged with secretly recording patients in restrooms
  • When ransomware listings create confusion as to who the victim was
  • Rajkot civic body’s GIS website hit by cyber attack, over 400 GB data feared stolen
  • Taiwan’s BitoPro hit by NT$345 million cryptocurrency hack
  • Texas gastroenterology and surgical practice victim of ransomware attack
  • Romanian Citizen Pleads Guilty to ‘Swatting’ Numerous Members of Congress, Churches, and Former U.S. President
  • North Dakota Enacts Financial Data Security and Data Breach Notification Requirements
  • Pro-Ukraine hacker group Black Owl poses ‘major threat’ to Russia, Kaspersky says
  • Vanta bug exposed customers’ data to other customers

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Florida ban on kids using social media likely unconstitutional, judge rules
  • State Data Minimization Laws Spark Compliance Uncertainty
  • Supreme Court Agrees to Clarify Emergency Situations Where Police Don’t Need Warrant
  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.