Police raid in Ukraine results in arrests of 2 alleged ransomware hackers

Outsiders suggested REvil was the target of the police said, which involved the FBI.
The hacker's set-up. (Cyberpolice of Ukraine)

Europol coordinated with the FBI, French national police and Ukrainian National Police to arrest two members of an active ransomware group, the police agency Europol said Monday.

The statement did not name the group the suspects allegedly worked for, said the scammers pulled off attacks against “very large industrial groups in Europe and North America from April 2020 onwards.” The group uses a double-extortion technique in which it locks up the victim’s servers and then threatens to leak sensitive data if the victim does not pay, according to authorities.

The raid comes amid growing interest in strengthening global cooperation against the threat of ransomware. The White House will host a summit of 30 countries in October to discuss the growing threat of ransomware, as reported by CNN. The council of the European Union will meet Wednesday to discuss a potential Joint Cyber Unit Initiative and U.S. ransomware initiatives.

Authorities from Ukraine, France, the U.S., Interpol and Europol were involved in the most recent operation.


Europol spokeswoman Claires Georges said on Twitter that the agency withholds the name of a targeted group if there is “an operational reason,” suggesting that the arrest may be a part of a bigger takedown in the works.

Demands made by the group have reached up to $70 million, authorities say. The exorbitant amount matches what REvil hackers demanded after a hack of U.S. software management company Kaseya in July, leading to speculation that the group may have been the target of the raid. (A number of ransomware groups also have demanded sums in the tens of millions of dollars.)

One of the alleged ransomware group members, a 25-year-old Ukrainian, is accused of attacking more than 100 companies in North America and Europe, causing damages reaching $150 million, according to a press release from the Ukrainian National Police.  Ukrainian police found ample amounts of Capri Sun, a musical keyboard, recording set-up, designer swag and Louis Vuitton boxes full of U.S. dollars in the hacker’s Kyiv apartment, according to a video of the September 28 raid released by police.

Investigators seized $375,000 in cash in total, two luxury vehicles, and froze $1.3 million in cryptocurrency assets as a part of the operation.

Tonya Riley

Written by Tonya Riley

Tonya Riley covers privacy, surveillance and cryptocurrency for CyberScoop News. She previously wrote the Cybersecurity 202 newsletter for The Washington Post and before that worked as a fellow at Mother Jones magazine. Her work has appeared in Wired, CNBC, Esquire and other outlets. She received a BA in history from Brown University. You can reach Tonya with sensitive tips on Signal at 202-643-0931. PR pitches to Signal will be ignored and should be sent via email.

Latest Podcasts