Hackers in the crosshairs: how an international operation neutralized a ransomware group with billions in loot

11 September 15:42

The Office of the Prosecutor General of Ukraine, in cooperation with law enforcement agencies of the United States, EU countries, and Europol, has announced the neutralization of one of the world’s most active hacker groups.

Since 2018, the attackers have targeted servers of leading companies in Europe and North America, causing losses of more than UAH 3 billion, "Komersant Ukrainian" reports.

One of the group’s leaders was notified of suspicion in absentia and put on the international wanted list. The US FBI has set a reward of up to $10 million for information on his whereabouts.

The group’s scheme of work

  • They used LockerGoga, MegaCortex, HIVE and Dharma ransomware.
  • They blocked access to company servers, demanding a ransom in cryptocurrency.
  • The group had a clear structure: from software developers and corporate network hackers to those who laundered the proceeds.
  • More than 1000 servers in France, Norway, Germany, the Netherlands, Canada, and the United States were encrypted.

Legal implications

  • In August 2024, a pre-trial investigation was completed against one of the key participants. He is charged with:
    • unauthorized interference with information systems,
    • creation of malicious programs,
    • extortion.
  • The articles provide for up to 12 years in prison.
  • Several members of the network have already been arrested in Ukraine, and some have been brought to trial.
  • One of the foreigners was extradited to the United States.

International aspect

The operation was an example of effective cooperation between Ukraine and international partners in the field of cybersecurity. It was coordination with Europol, the FBI and EU law enforcement that made it possible to trace the structure of the group and neutralize its activities.

Why it is important

  • The group was one of the most active cybercrime networks in the world.
  • The attacks blocked the work of corporations and could paralyze critical infrastructure.
  • The joint actions of law enforcement agencies prove that even transnational hacker networks cannot go unpunished.

As a reminder, ransomware groups remain one of the main cyber threats to businesses and government institutions worldwide.

For example, the WannaCry ransomware attack in 2017 affected more than 200,000 computers in 150 countries, causing billions of dollars in losses. Ukraine has repeatedly been the target of such attacks, including the NotPetya cyberattack in 2017, which paralyzed government agencies and businesses.

Марина Максенко
Editor
