On 28 September 2021 a successful coordinated Police operation took down an international ransomware gang in Ukraine. A coordinated strike by the French National Gendarmerie (Gendarmerie Nationale), the Ukrainian National Police (Національна поліція України) and the United States Federal Bureau of Investigation (FBI), with the coordination of Europol and INTERPOL, led to the arrest of two prolific ransomware operators known for their extortionate ransom demands (between €5 to €70 million). This resulted in:
- 2 arrests and 7 property searches
- Seizure of US$ 375,000 in cash
- Seizure of two luxury vehicles worth €217,000
- Asset freezing of $1.3 million in cryptocurrencies
The organised crime group is suspected of having committed a string of targeted attacks against very large industrial groups in Europe and North America from April 2020 onwards. The criminals deployed malware and stole sensitive data from these companies, before encrypting their files. They then offered a decryption key in return for a ransom payment of several millions of euros, threatening to leak the stolen data on the dark web should their demands not be met.
Europol supported the investigation from the onset, bringing together all the involved countries to establish a joint strategy. Its cybercrime specialists organised 12 coordination meetings to prepare for the action day, alongside providing analytical, malware, forensic and crypto-tracing support. A virtual command post was set up by Europol to ensure seamless coordination between all the authorities involved.
The following law enforcement authorities took part in the investigation:
- France: National Cybercrime Centre of the National Gendarmerie (C3N)
- Ukraine: Cyber Police Department of the National Police of Ukraine
- United States: Atlanta Field Office of the Federal Bureau of Investigation
- Europol: European Cybercrime Centre (EC3)
- INTERPOL : Cyber Fusion Centre
The operation was carried out in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT).
The EAST Expert Group on Payment and Transaction Fraud (EPTF), which meets three times each year, focuses on the prevention of payment and transaction fraud, including social engineering and ransomware.