Security News Police dismantle ransomware group behind attacks in 71 countries

Gandalf_The_Grey

In cooperation with Europol and Eurojust, law enforcement agencies from seven nations have arrested in Ukraine the core members of a ransomware group linked to attacks against organizations in 71 countries.

The cybercriminals paralyzed major corporations' operations in attacks using ransomware such as LockerGoga, MegaCortex, HIVE, and Dharma.

Roles within this criminal network varied significantly: some members breached IT networks, while others reportedly helped launder the cryptocurrency payments made by victims to decrypt their files.

The attackers gained access to their targets' networks by stealing user credentials in brute force and SQL injection attacks, as well as using phishing emails with malicious attachments.

Once in, they used tools like TrickBot malware, Cobalt Strike, and PowerShell Empire to move laterally and compromise other systems before triggering previously deployed ransomware payloads.

The investigation unveiled that this organized group of ransomware affiliates encrypted more than 250 servers of major corporations, leading to losses exceeding several hundred million euros.
 
