The arrest of ransomware gang in Ukraine

It is malicious software that infects a computer and prevents users from accessing it until a ransom is paid. Many ransomware variants exist, and they try to extract money from victims by displaying an on-screen alert.

The encryption used by ransomware is asymmetric. This is a form of cryptography that uses a pair of keys to encrypt and decrypt files. The attacker develops a private key to decrypt the victim’s files on his server, and the attacker uses the public key to encrypt the victim’s files. Only after the ransom is paid does the attacker provide the victim with the private key.

So, recently the group responsible for ransomware in Ukraine was busted. They were both arrested and are serving jail time.

On September 28, the threat actors were arrested in Kyiv, the capital of Ukraine. After that, the officials began investigating them and discovered that among two members, one of them had been identified as a member of a large ransomware operation.

The law enforcement agencies involved are

• France: National Cybercrime Centre of the National Gendarmerie (C3N)
• United States: Atlanta Field Office of the Federal Bureau of Investigation
• Ukraine: Cyber Police Department of the National Police of Ukraine
• INTERPOL: Cyber Fusion Centre
• Europol: European Cybercrime Centre (EC3)

Moreover, it has been discovered that both suspects belong to the REvil ransomware gang. Nonetheless, the whole investigation was conducted within the framework of the European Multidisciplinary Platform Against Criminal Threats. Not only this, but Europol also fully supports the investigation and has been trying to bring together all the involved countries for a multi-layered approach.