Ransomware Criminals Arrested In Ukraine

Ukrainian law enforcement has announced the arrest of a cybercrime gang that has allegedly earned more than $42 million from sophisticated ransomware to encrypt its victims’ data and demand payment for decryption codes, threatening to leak the sensitive information if the ransom is not paid. 

The arrests were a part of a larger Ukrainian campaign named “Bulletproof Exchanger” that aims to identify hubs of malicious activity and track down threat actors.

According to Ukrainian officials, the group has advertised its services on underground criminal forums, where they offered to convert cryptocurrency from criminal activities into a real-world currency for other groups, helping criminals launder their ill-gotten profits. The arrests took place in June, but now details have been released in press statement by the cryptocurrency exchange, Binance and Ukraine Cyber Police

Binance, who collaborated in the investigation, said the group worked with other ransomware gangs as well as spreading ransomware themselves.

These arrest also marks the first fruits of "Bulletproof Exchanger," an internal Binance project that the company started earlier this year. The project's goal is to identify hubs of malicious activity in the cryptocurrency ecosystem, track down the operators, and work with authorities to arrest and shut them down. Binance said it began building a database of various signals and data sets earlier this year, such as user data, DNS records, open-source intelligence feeds, law enforcement requests, and blockchain analytics.

Once Binance had a full database at its disposal, the company partnered with TRM Labs, a blockchain analysis firm specialised in detecting financial fraud. Binance said TRM Labs came in and combed through "a massive amount of blockchain transaction data to analyse and correlate with suspicious activity" and eventually identify a first bulletproof exchanger and one of its clients, a ransomware gang.

Binance says that its Bulletproof Exchanger Project will continue to operate going forward and that it hopes to track down similar criminal cash-out points and cybercrime groups in the near future.

 If convicted, the indicted gang members face a a penalty time of up to 8 years in prison.

Other Criminal Arrests

The Ministry of Internal Affairs of Belarus, along with Cyber police of Great Britain and Romania, has subsequently arrested one of the the Ukrainain gang's affiliates who was also distributing malware.

The suspect registered on the dark web underground forum to apply as a distributor for the malware. Once he acquired access to the web panel, he adjusted several settings of the ransomware, which allowed him to deliver a customised version of GandCrab via malicious spam email attachments to as many as 1,000 victims in more than 100 countries.  

He is said to demand around $1,200 per victim, most of which were located in the US, United Kingdom, Germany, France, India, Russia, and Italy. The 31-year old, who was not publicly named, is claimed to have no criminal record in the past, although was previously involved in the distribution of crypto-miners.

Binance:     Oodaloop:      HackRead:        ZDNet:      2-Spyware:     Image: PXFuel

You Might Also Read:

Identity Theft - A Very Personal Hacking Attack:

 

« Financial Fraud Using Fake Celebrity Endorsements
Ransomware Victim Travelex Folds »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Information Security Media Group (ISMG)

Information Security Media Group (ISMG)

Information Security Media Group is the world’s largest media organization devoted solely to information security and risk management.

Detectify

Detectify

Detectify is a web security service that simulates automated hacker attacks on your website, detecting critical security issues before real hackers do.

Vade Secure

Vade Secure

Vade Secure provides protection against the most sophisticated email scams such as phishing and spear phishing, malware and ransomware.

Cybersecurity Philippines CERT (CSP-CERT)

Cybersecurity Philippines CERT (CSP-CERT)

Cybersecurity Philippines CERT is the national Computer Emergency Response Team for the Philippines.

Nexusguard

Nexusguard

Nexusguard is at the forefront of the fight against malicious Internet attacks, protecting organizations worldwide from threats to their websites, services, and reputations.

Riverside Research

Riverside Research

Riverside Research is a not-for-profit organization chartered to advance scientific research in areas including Trusted & Resilient Systems.

Agility Networks

Agility Networks

Agility Networks is a technology company providing integrated services and solutions for Digital Transformation and Cyber Security.

Mindsight

Mindsight

Mindsight is a technology consulting firm with expertise from cybersecurity to cloud, disaster recovery to infrastructure, and collaboration to contact center.

River Loop Security

River Loop Security

River Loop Security specialize in solving complex cybersecurity challenges in the IoT and embedded devices space.

Crosspoint Capital Partners

Crosspoint Capital Partners

Crosspoint Capital Partners is a private equity investment firm focused on the cybersecurity and privacy sectors.

Advantex Network Solutions

Advantex Network Solutions

Advantex Network Solutions are a leading provider in Mitel, IT Solutions, Networking, and iP surveillance.

Sec-Ops

Sec-Ops

Sec-Ops is a forward thinking cyber security company, formed by a group of security enthusiasts with years of experience and backgrounds in the technology and the government industries.

Mr Backup (MRB)

Mr Backup (MRB)

MRB offers Data Protection as a Service for businesses looking to reduce the time, cost and complexity of securing your company data.

FCI

FCI

FCI is a NIST-Based Managed Security Service Provider (MSSP) offering Cybersecurity Compliance Enablement Technologies & Services to Financial Services organizations.

iManage

iManage

iManage's intelligent, cloud-enabled, secure knowledge work platform enables organizations to uncover and activate the knowledge that exists inside their business.

Sitehop

Sitehop

Sitehop is a cybersecurity technology company developing and supplying FPGA hardware-enforced cyber security solutions for networks.