Ransomware Criminals Arrested In Ukraine

Ukrainian law enforcement has announced the arrest of a cybercrime gang that allegedly earned more than $42 million by using ransomware to encrypt victims' data, demanding payment for the decryption keys and threatening to leak the stolen sensitive information if the ransom was not paid.

The arrests were part of a larger campaign named "Bulletproof Exchanger", a Binance project that aims to identify hubs of malicious activity in the cryptocurrency ecosystem and track down the threat actors behind them.

According to Ukrainian officials, the group advertised its services on underground criminal forums, offering to convert cryptocurrency obtained through crime into real-world currency for other groups, helping those criminals launder their ill-gotten profits. The arrests took place in June, but details have only now been released in a joint press statement by the cryptocurrency exchange Binance and the Ukraine Cyber Police.

Binance, which collaborated in the investigation, said the group spread ransomware itself as well as working with other ransomware gangs.

These arrests also mark the first fruits of "Bulletproof Exchanger", an internal Binance project that the company started earlier this year. The project's goal is to identify hubs of malicious activity in the cryptocurrency ecosystem, track down the operators, and work with authorities to arrest them and shut the hubs down. Binance said it began building a database of various signals and data sets earlier this year, including user data, DNS records, open-source intelligence feeds, law enforcement requests, and blockchain analytics.

Once Binance had a full database at its disposal, the company partnered with TRM Labs, a blockchain analysis firm specialising in detecting financial fraud. Binance said TRM Labs combed through "a massive amount of blockchain transaction data to analyse and correlate with suspicious activity", eventually identifying a first bulletproof exchanger and one of its clients, a ransomware gang.

Binance says that its Bulletproof Exchanger Project will continue to operate going forward and that it hopes to track down similar criminal cash-out points and cybercrime groups in the near future.

If convicted, the indicted gang members face up to eight years in prison.

Other Criminal Arrests

The Ministry of Internal Affairs of Belarus, along with the cyber police of Great Britain and Romania, has subsequently arrested one of the Ukrainian gang's affiliates, who was also distributing malware.

The suspect registered on a dark web underground forum to apply as a distributor for the malware. Once he had access to the web panel, he adjusted several settings of the ransomware, allowing him to deliver a customised version of GandCrab via malicious spam email attachments to as many as 1,000 victims in more than 100 countries.

He is said to have demanded around $1,200 per victim; most of the victims were located in the US, United Kingdom, Germany, France, India, Russia and Italy. The 31-year-old, who was not publicly named, reportedly has no prior criminal record, although he was previously involved in the distribution of crypto-miners.

Sources: Binance, Oodaloop, HackRead, ZDNet, 2-Spyware. Image: PXFuel

