Over UAH 3 billion in losses: cyber police and investigators of the National Police exposed hackers who attacked the world's leading companies (VIDEO)
Since 2018, the defendants, using encryption viruses developed by them, have carried out attacks on the servers of leading world companies. During the international police operation, law enforcement officers conducted more than 30 searches and stopped the group's activities.
The Joint Investigation Team (JIT) also includes colleagues from Europol (the EU law enforcement agency for countering international organised crime) and Eurojust (the agency coordinating the EU's judicial authorities).
The attackers have attacked the world's most powerful companies in France, Norway, Germany, the Netherlands, Canada and the United States since 2018. As a result of months of painstaking work, Ukrainian law enforcement, assisted by colleagues from the United States, Norway, the Netherlands, Germany and France, identified the 32-year-old leader of the hacker group and his four most active accomplices.
For hacker attacks, those involved used self-developed malware. In particular, several encryption viruses.
First of all, the attackers hacked into the accounts of employees of the victim enterprise using information from open sources and social engineering techniques. From the appropriated accounts, hackers spread malicious software code in the corporate ecosystem. In this way, attackers gained access to servers and stole information from them.
After that, the data on the victims' computers were encrypted and made unusable. For decrypting information, members of an international hacker group demanded millions in cryptocurrency payments.
For example, when restoring the servers of one of the leading chemical companies in the Netherlands, the attackers ordered to transfer 450 BTC (bitcoins) to a controlled crypto wallet, which is the equivalent of 48 million hryvnias.
The men developed and updated malware, carried out hacker attacks, sought out so-called crypto wallet droppings for ransom, and distributed “earnings” among other members of the group.
It was established that in several years of criminal activity, attackers encrypted more than 1000 servers of global enterprises and caused losses amounting to more than 3 billion hryvnias in national currency.
To neutralize the criminal group and analyze digital data, more than 20 law enforcement officers from Norway, France, Germany and the US Federal Bureau of Investigation arrived in the capital. On the territory of the Netherlands, Europol has established a special working group and a VCP (Virtual Command Point) for the urgent analysis of information received during investigative actions on the territory of Ukraine.
With the strong support of the TOR special unit, law enforcement officers conducted more than 30 authorized searches in the premises and cars of the defendants in Kyiv region, as well as in Cherkasy, Rivne and Vinnytsia regions.
Computer equipment, cars, bank and SIM cards, “rough” records, as well as dozens of electronic media and other evidence of illegal activity were seized. In particular, almost 4 million hryvnias and cryptocurrency assets. The issue of the seizure of seized property is being resolved.
Investigators of the Main Investigation Department of the National Police opened criminal proceedings under Part 2 of Art. 361 (Unauthorized interference in the work of information (automated), electronic communication, information and communication systems, electronic communication networks), part 2 of Art. 361-1 (Creation for the purpose of unlawful use, distribution or sale of malicious software or technical means, as well as their distribution or sale), part 4 of Art. 189 (Extortion) of the Criminal Code of Ukraine. Three defendants have been notified of suspicion.
Investigative actions are underway to determine the location of other members of the group. Based on the results, additional qualifications are possible.
National Police of Ukraine
