Ukrainian police officers have arrested a ransomware affiliate group responsible for attacking at least 50 companies in the U.S. and Europe.
It is estimated that the total losses resulting from the attacks are in excess of one million U.S. dollars.
A 36-year-old resident of Ukraine’s capital Kiev was identified as the leader of the group, which included his wife and three other acquaintances, the police state.
It is unclear what ransomware strain the gang used to encrypt data on victim computers, but they delivered the malware through spam emails.
Three members of the gang received the ransoms from paying victims in cryptocurrency. In exchange, they provided the decryption tool to restore data, the Ukrainian police say in an announcement today.
“According to preliminary data, more than 50 companies were affected by the attacks, the total amount of damage reaches more than one million US dollars,” the police add.
To legalize the funds received as ransom payments, the attackers carried out complex financial transactions using online payment services that are banned in Ukraine, passing them around in an extensive network of fictitious identities.
Apart from the ransomware activity, the actors also provided VPN-like services that enabled other cybercriminals to carry out illegal activities ranging from downloading malware to hacking.
The investigation revealed that these services were used to compromise systems belonging to government and commercial organizations to steal sensitive data, deploy ransomware, or launch distributed denial-of-service (DDoS) attacks.
One of the defendants was also stealing card data of British citizens to buy items from online stores and then resell them online. This process is a simple way to convert the funds on stolen cards into cash.
The police raided the homes and cars of nine suspects and confiscated computer equipment, bank cards, and flash drives, which investigators will examine for additional evidence that could lead to more arrests.
The suspects face criminal charges related to money laundering, interference in computers and networks, and the creation, use, distribution, and sale of malicious software.
These arrests are a joint effort from law enforcement officers in the U.K., the U.S. and Ukraine.
Law enforcement crackdown
The cybercrime unit of the Ukrainian police has been very active in recent months, arresting ransomware actors, fraudsters, botnet operators, and phishing actors.
More specifically, the SSU arrested the following actors recently: