Ransomware Criminals Arrested In Ukraine

Ukrainian law enforcement has announced the arrest of a cybercrime gang that has allegedly earned more than $42 million by using sophisticated ransomware to encrypt its victims’ data and demand payment for decryption codes, threatening to leak the sensitive information if the ransom is not paid.

The arrests were a part of a larger Ukrainian campaign named “Bulletproof Exchanger” that aims to identify hubs of malicious activity and track down threat actors.

According to Ukrainian officials, the group advertised its services on underground criminal forums, where it offered to convert cryptocurrency from criminal activities into real-world currency for other groups, helping criminals launder their ill-gotten profits. The arrests took place in June, but details have now been released in a press statement by the cryptocurrency exchange Binance and the Ukraine Cyber Police.

Binance, which collaborated in the investigation, said the group worked with other ransomware gangs as well as spreading ransomware itself.

These arrests also mark the first fruits of "Bulletproof Exchanger," an internal Binance project that the company started earlier this year. The project's goal is to identify hubs of malicious activity in the cryptocurrency ecosystem, track down the operators, and work with authorities to arrest and shut them down. Binance said it began building a database of various signals and data sets earlier this year, such as user data, DNS records, open-source intelligence feeds, law enforcement requests, and blockchain analytics.

Once Binance had a full database at its disposal, the company partnered with TRM Labs, a blockchain analysis firm specialised in detecting financial fraud. Binance said TRM Labs came in and combed through "a massive amount of blockchain transaction data to analyse and correlate with suspicious activity" and eventually identified a first bulletproof exchanger and one of its clients, a ransomware gang.

Binance says that its Bulletproof Exchanger Project will continue to operate going forward and that it hopes to track down similar criminal cash-out points and cybercrime groups in the near future.

If convicted, the indicted gang members face a penalty of up to 8 years in prison.

Other Criminal Arrests

The Ministry of Internal Affairs of Belarus, along with the cyber police of Great Britain and Romania, has subsequently arrested one of the Ukrainian gang's affiliates, who was also distributing malware.

The suspect registered on the dark web underground forum to apply as a distributor for the malware. Once he acquired access to the web panel, he adjusted several settings of the ransomware, which allowed him to deliver a customised version of GandCrab via malicious spam email attachments to as many as 1,000 victims in more than 100 countries.  

He is said to have demanded around $1,200 per victim, most of whom were located in the US, United Kingdom, Germany, France, India, Russia, and Italy. The 31-year-old, who was not publicly named, is said to have no previous criminal record, although he was previously involved in the distribution of crypto-miners.

Sources: Binance, Oodaloop, HackRead, ZDNet, 2-Spyware. Image: PXFuel
