Ransomware Criminals Arrested In Ukraine

Uploaded on 2020-09-01 in GOVERNMENT-Law Enforcement, GOVERNMENT-National, FREE TO VIEW

Ukrainian law enforcement has announced the arrest of a cybercrime gang that has allegedly earned more than $42 million from sophisticated ransomware to encrypt its victims’ data and demand payment for decryption codes, threatening to leak the sensitive information if the ransom is not paid. 

The arrests were a part of a larger Ukrainian campaign named “Bulletproof Exchanger” that aims to identify hubs of malicious activity and track down threat actors.

According to Ukrainian officials, the group has advertised its services on underground criminal forums, where they offered to convert cryptocurrency from criminal activities into a real-world currency for other groups, helping criminals launder their ill-gotten profits. The arrests took place in June, but now details have been released in press statement by the cryptocurrency exchange, Binance and Ukraine Cyber Police

Binance, who collaborated in the investigation, said the group worked with other ransomware gangs as well as spreading ransomware themselves.

These arrest also marks the first fruits of "Bulletproof Exchanger," an internal Binance project that the company started earlier this year. The project's goal is to identify hubs of malicious activity in the cryptocurrency ecosystem, track down the operators, and work with authorities to arrest and shut them down. Binance said it began building a database of various signals and data sets earlier this year, such as user data, DNS records, open-source intelligence feeds, law enforcement requests, and blockchain analytics.

Once Binance had a full database at its disposal, the company partnered with TRM Labs, a blockchain analysis firm specialised in detecting financial fraud. Binance said TRM Labs came in and combed through "a massive amount of blockchain transaction data to analyse and correlate with suspicious activity" and eventually identify a first bulletproof exchanger and one of its clients, a ransomware gang.

Binance says that its Bulletproof Exchanger Project will continue to operate going forward and that it hopes to track down similar criminal cash-out points and cybercrime groups in the near future.

 If convicted, the indicted gang members face a a penalty time of up to 8 years in prison.

Other Criminal Arrests

The Ministry of Internal Affairs of Belarus, along with Cyber police of Great Britain and Romania, has subsequently arrested one of the the Ukrainain gang's affiliates who was also distributing malware.

The suspect registered on the dark web underground forum to apply as a distributor for the malware. Once he acquired access to the web panel, he adjusted several settings of the ransomware, which allowed him to deliver a customised version of GandCrab via malicious spam email attachments to as many as 1,000 victims in more than 100 countries.  

He is said to demand around $1,200 per victim, most of which were located in the US, United Kingdom, Germany, France, India, Russia, and Italy. The 31-year old, who was not publicly named, is claimed to have no criminal record in the past, although was previously involved in the distribution of crypto-miners.

Binance:     Oodaloop:      HackRead:        ZDNet:      2-Spyware:     Image: PXFuel

You Might Also Read:

Identity Theft - A Very Personal Hacking Attack:

 

« Financial Fraud Using Fake Celebrity Endorsements
Ransomware Victim Travelex Folds »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Cyberwrite

Cyberwrite

Cyberwrite was founded to provide underwriters around the world a unique and innovative Cyber Underwriting platform.

Evolve Secure Solutions

Evolve Secure Solutions

Evolve Secure Solutions is a security focused managed services provider serving private and public customers across the UK.

Galvanize

Galvanize

Galvanize is a leading provider of award-winning, cloud-based security, risk management, compliance, and audit software for some of the world’s largest organizations.

Vector InfoTech

Vector InfoTech

Vector InfoTech is a leader in Industrial Security, Networks, IT and Telecommunications.

Cyber Resilient Energy Delivery Consortium (CREDC)

Cyber Resilient Energy Delivery Consortium (CREDC)

CREDC performs multidisciplinary R&D in support of the Energy Sector Control Systems Working Group’s Roadmap of resilient Energy Delivery Systems (EDS).

Infosec (T) Ltd

Infosec (T) Ltd

Infosec (T) Limited is an independent Tanzania based consultancy specializing in IT governance, information security and IT audit.

Entel CyberSecure

Entel CyberSecure

Entel CyberSecure is a portfolio of Cybersecurity solutions and services for the protection, defense, risk management and regulatory compliance of ICT Systems for corporations and Government.

3Elos

3Elos

3Elos operates in the Information Technology market with a focus on research, development, consulting, marketing and implementation of Information Security solutions.

Asset Guardian Solutions (AGSL)

Asset Guardian Solutions (AGSL)

Asset Guardian are dedicated to protecting the integrity of process control systems software that is used to control operations and production processes.

eLearnSecurity

eLearnSecurity

eLearnSecurity is an innovator in the IT Security training market providing quality online courses paired with highly practical virtual labs.

In Fidem

In Fidem

In Fidem specializes in information security management, with a bold approach that views cybersecurity as a springboard to organizational transformation rather than a barrier to innovation.

Binare

Binare

Binare empowers companies all over the world to improve their IIot/IoT /Embedded cybersecurity posture and digital privacy.

ViewQwest

ViewQwest

ViewQwest is a regional telecommunications & information technology services company. We specialize in providing Connectivity, Managed Network, Managed SD-WAN, and Managed Security solutions.

Google Cloud

Google Cloud

Accelerate your digital transformation. Whether your business is early in its journey or well on its way to digital transformation, Google Cloud can help solve your toughest challenges.

Leo CybSec

Leo CybSec

Leo CybSec unites a group of Cyber Security experts with 20+ years of collective expertise to help our clients realise and mitigate the cyber challenges and risks facing their business.

SalvageData Recovery Services

SalvageData Recovery Services

Since 2003, SalvageData has been providing high-quality data recovery with the certifications needed to work with any storage media manufacturer.