Ransomware Criminals Arrested In Ukraine

Ukrainian law enforcement has announced the arrest of a cybercrime gang that has allegedly earned more than $42 million from sophisticated ransomware to encrypt its victims’ data and demand payment for decryption codes, threatening to leak the sensitive information if the ransom is not paid. 

The arrests were a part of a larger Ukrainian campaign named “Bulletproof Exchanger” that aims to identify hubs of malicious activity and track down threat actors.

According to Ukrainian officials, the group has advertised its services on underground criminal forums, where they offered to convert cryptocurrency from criminal activities into a real-world currency for other groups, helping criminals launder their ill-gotten profits. The arrests took place in June, but now details have been released in press statement by the cryptocurrency exchange, Binance and Ukraine Cyber Police

Binance, who collaborated in the investigation, said the group worked with other ransomware gangs as well as spreading ransomware themselves.

These arrest also marks the first fruits of "Bulletproof Exchanger," an internal Binance project that the company started earlier this year. The project's goal is to identify hubs of malicious activity in the cryptocurrency ecosystem, track down the operators, and work with authorities to arrest and shut them down. Binance said it began building a database of various signals and data sets earlier this year, such as user data, DNS records, open-source intelligence feeds, law enforcement requests, and blockchain analytics.

Once Binance had a full database at its disposal, the company partnered with TRM Labs, a blockchain analysis firm specialised in detecting financial fraud. Binance said TRM Labs came in and combed through "a massive amount of blockchain transaction data to analyse and correlate with suspicious activity" and eventually identify a first bulletproof exchanger and one of its clients, a ransomware gang.

Binance says that its Bulletproof Exchanger Project will continue to operate going forward and that it hopes to track down similar criminal cash-out points and cybercrime groups in the near future.

 If convicted, the indicted gang members face a a penalty time of up to 8 years in prison.

Other Criminal Arrests

The Ministry of Internal Affairs of Belarus, along with Cyber police of Great Britain and Romania, has subsequently arrested one of the the Ukrainain gang's affiliates who was also distributing malware.

The suspect registered on the dark web underground forum to apply as a distributor for the malware. Once he acquired access to the web panel, he adjusted several settings of the ransomware, which allowed him to deliver a customised version of GandCrab via malicious spam email attachments to as many as 1,000 victims in more than 100 countries.  

He is said to demand around $1,200 per victim, most of which were located in the US, United Kingdom, Germany, France, India, Russia, and Italy. The 31-year old, who was not publicly named, is claimed to have no criminal record in the past, although was previously involved in the distribution of crypto-miners.

Binance:     Oodaloop:      HackRead:        ZDNet:      2-Spyware:     Image: PXFuel

You Might Also Read:

Identity Theft - A Very Personal Hacking Attack:

 

« Financial Fraud Using Fake Celebrity Endorsements
Ransomware Victim Travelex Folds »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

INCIBE-CERT

INCIBE-CERT

INCIBE-CERT is the reference security incident response center for citizens and private law entities in Spain

National Defense Industry Association (NDIA)

National Defense Industry Association (NDIA)

The National Defense Industrial Association Cyber Division contributes to US national security by promoting interaction between the cyber defense industry, government and military.

Team8

Team8

Team8 is Israel’s most prestigious cybersecurity think tank and venture creation foundry.

Oxford BioChronometrics

Oxford BioChronometrics

By building profiles based on electronically Defined Natural Attributes, or e-DNA, Oxford BioChronometrics protects digital networks, communities, individuals and other online assets from fraud.

National Cybersecurity Hub - South Africa

National Cybersecurity Hub - South Africa

The mission of the National Cybersecurity Hub is to be the central point of collaboration for cybersecurity incidents in South Africa.

Netmarks Indonesia (NMID)

Netmarks Indonesia (NMID)

Netmarks Indonesia is an IT solutions provider offering services related to ICT infrastructure, digital transformation and cyber security.

BEAM Teknoloji

BEAM Teknoloji

BEAM Technology is an independent Software Quality and Security Testing Center in Turkey.

ENLIGHTENi

ENLIGHTENi

ENLIGHTENi are the platform to develop next-gen talent in Technology, Risk, and Cybersecurity. Our mission is to develop next-gen talent through challenge-based learning and team collaboration.

Cyber Security Jobs

Cyber Security Jobs

Cyber Security Jobs was formed to help job seekers find jobs and recruiters fill cyber security job vacancies.

Highland Capital Partners

Highland Capital Partners

Highland Capital Partners is an early stage venture capital firm focused on category-defining businesses in consumer and enterprise technology, including cybersecurity.

CloudCover

CloudCover

CloudCover is a software-defined cybersecurity risk solution that provides risk awareness, risk analytics, and data security in real time.

OptimEyes.ai

OptimEyes.ai

OptimEyes.ai is a unique AI-powered, on-demand SaaS solution for cyber-security, data privacy and compliance risk modeling.

Wib

Wib

Wib is an API security leader. We are the only company providing a solution for the entire API development lifecycle.

Var Group

Var Group

Var Group is one of the main partners for innovation in the ICT sector in Italy.

Emantra

Emantra

Emantra specialises in the enablement of Secure Cloud services through it’s comprehensive Sovereign Cloud Hosting, Secure Access Service Edge, and managed services.

Silicon Valley Cybersecurity Institute (SVCSI)

Silicon Valley Cybersecurity Institute (SVCSI)

SVCSI aims to investigate, develop, and promote technical excellence and the best security practices for dependable and secure systems and applications.