Twelve threat actors were singled out by Europol last week in a major ransomware operation targeting multiple organized crime groups.
The unnamed suspects are believed to have been involved in deploying the LockerGoga, MegaCortex and Dharma variants or laundering the proceeds, the trans-national policing group claimed.
Focusing their efforts mainly on large organizations, the suspects impacted over 1800 victims in 71 countries, it added.
Individual players had specific roles, such as gaining initial network access via phishing, brute-forcing credentials and SQL injection; moving laterally using Trickbot, Cobalt Strike or PowerShell Empire; and sending ransom demands for Bitcoin payment.
A joint investigation team (JIT) was first set up to tackle the threat in September 2019 – comprising police in Norway, France, the UK and Ukraine.
Last Wednesday, an action day in Ukraine and Switzerland led to the seizure of over $52,000 in cash, five luxury vehicles, and several electronic devices. However, it’s not clear whether the 12 have been arrested or charged.
Europol would only say that they are “high-value targets” under investigation in multiple high-profile cases in different jurisdictions.
Police from Norway, France, the Netherlands, UK, Ukraine, Germany, Switzerland and the US took part last week, alongside Europol and Eurojust.
More than 50 investigators were present, while a Ukrainian cyber specialist was seconded to Europol for two months to prepare for the action day.
According to SonicWall data released last week, the number of ransomware attacks in the first three quarters of 2021 surged 148% year-on-year to reach 470 million.
That makes 2021 already the worst year on record for attacks, the vendor claimed. Q3 2021 alone saw SonicWall customers hit with 190.4 million attempts, nearly as many as the total for 2020: 195.6 million.