An operation against a network of twelve people involved in attacks on major ransomware infrastructure was carried out by European police in Ukraine and Switzerland, Europol and Eurojust said on Friday.
These individuals "represented a dangerous combination of aggressive disruption and high-stakes targets," European agencies said in a joint statement.
Large targeted companies
At this stage of the investigation, it is not yet clear whether the twelve people will all be subject to legal proceedings, the European police agency Europol said. The group, which "was wreaking havoc across the world" with these cybercrime activities, was targeted during a police and judicial operation Tuesday involving eight countries, said Europol and Eurojust, the European agency for judicial cooperation.
"These cyberactors are known to specifically target large companies, effectively shutting down their activity," added the agencies, adding that the attacks have claimed more than 1,800 victims in 71 countries.
Most of these suspects were already under investigation in several high-profile cases in different countries, they said.
The operation also led to the seizure of $ 52,000 and five luxury vehicles, according to a French police source.
Electronic devices are being analyzed for evidence.
Stolen user credentials
French investigations led to "locating a server hosted in France" and hackers who targeted "ten large French companies", said the divisional commissioner Nicolas Guidoux, deputy director of the fight against cybercrime (SDLC). "The technical exploitation of the server has shown that data from French companies was stolen through the work of hackers who infiltrated the computer system over the long term," he added. The suspects notably stole user credentials and sent phishing emails containing malicious attachments.
They then had plenty of time to explore computer networks undetected, before presenting victims with bitcoin ransom demands in exchange for decryption keys, the European agencies explained.
The suspects claimed victims in different geographic areas of the world.
Some of them are also suspected of laundering bitcoin payments.
Coordinated by Europol and Eurojust, the operation was led by France, Norway, the Netherlands, Ukraine, United Kingdom, Germany, Switzerland and the United States.
High-Tech
United States: The authorities hacked the servers of REvil, a famous and dangerous group of hackers
High-Tech
Malware: The rise of teleworking behind the explosion of malware attacks
Hacker
Investigation
Ransom
Cyber attack
World