Ukrainian Cyber Police Identify Suspected LockBit and Conti Member

Written by

Police in Kyiv have “identified” a 28-year-old man on suspicion of working with big-name Russian ransomware groups to make their malware undetectable.

The Kharkiv native collaborated with Conti and LockBit to deliver cryptor technology designed to obfuscate ransomware payloads so they remained undetectable to anti-malware tools, according to the Ukrainian Cyber Police.

These were apparently used at the end of 2021 to infect the computer networks of a Dutch multinational in the Netherlands and Belgium for the Conti ransomware-as-a-service group.

Responding to a request from law enforcement in the Netherlands, officers searched a location in Kharkiv, seizing computer equipment, mobile phones and handwritten notes. They also searched a property in Kyiv.

Read more on Conti: Conti Group Suffers Massive Data Breach

It’s still unclear whether the suspect has been apprehended. The Ukrainian Cyber Police notice mentions only that the 28-year-old has been “identified” and that the investigation is ongoing.

However, a separate press release from the Dutch police dated last week does seem to confirm that the man was arrested – on April 18 – at their request.

Dutch officers believe the individual played a far bigger role in the ransomware groups than merely providing cryptor capabilities.

“The police were tipped off by the NCSC (National Cyber ​​Security Centre) and, after further investigation, discovered that the Ukrainian man infected the computer networks of a company in the Netherlands with Conti’s malware in 2021; a hacker group that offers ransomware for sale,” the notice explained.

“As a result, company data was encrypted and made inaccessible. The group then demanded a ransom for making the company data accessible again and not leaking it.”

The investigation is part of Operation Endgame, a Europol-led effort to disrupt the criminal networks behind prolific malware families including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and Trickbot.

The 28-year-old’s direct involvement with LockBit was not explained, although the group was on the receiving end of a massive law enforcement operation earlier this year.

What’s hot on Infosecurity Magazine?