Police in Ukraine on Thursday said they broke up a ransomware gang allegedly responsible for extorting more than 50 companies across Europe and the U.S. for more than $1 million.
The Ukrainian Cyberpolice, a division of the country’s national police, announced the arrest of an unnamed 36-year-old man who they say partnered with his wife and three others to carry out ransomware attacks.
The group is also accused of providing virtual private network (VPN) services to other criminals for a fee. VPNs are widely and legally used around the world to shield portions of internet traffic and obscure the end-user’s IP address. But police in Ukraine say this VPN service also allowed customers to download computer viruses, spyware and other malware.
“It was a purely ‘gangster’ service created by criminals for criminals and not under the control of any government or law enforcement agencies,” the Security Service of Ukraine said in a statement.
Allan Liska, an intelligence analyst at cybersecurity firm Recorded Future, told CyberScoop that it’s too soon to fully understand the significance of the arrest, but that 50 victims “sounds like a small to mid-sized [ransomware] affiliate.”
Law enforcement officials from the U.S. and the U.K. participated in nine raids on the man and his associates, the Ukrainian officials said, seizing computer equipment, mobile phones, bank cards, flash drives and three cars.
The FBI did not immediately respond to a request for more information.
The joint law enforcement effort announced Wednesday is just the latest example of cross-government cyber law enforcement activity in Ukraine occurring against the backdrop of major geopolitical tensions involving Ukraine, Russia, the United States and Europe.
In June 2021 officials from the U.S. and Korea worked with Ukrainian law enforcement to target suspects associated with the Cl0p ransomware variant accused of causing up to $500 million in damages in recent years. And in January 2021 agents from the U.S., Germany and Ukraine took down hundreds of computer servers being used as part of the Emotet botnet, which constituted one of the biggest cybercrime threats in recent years.