Europol Targets Hackers Behind Organized Ransomware Attack

Europol have disrupted a network of organized cybercriminals behind a string of ransomware attacks that have affected over 1 800 victims in 71 countries.

08 November 2021

According to Europol’s press release, 12 individuals had been “targeted” by the EU’s police agency in raids on 26 October across Ukraine and Switzerland following a two-year investigation.

"Sneaky" Undetected Malware

The unnamed suspects were “known for specifically targeting large corporations, effectively bringing their business to a standstill,” Europol said. The press release also states that the targeted suspects were highly organized, with each individual having a different role in these professional criminal organisations.

The group used multiple mechanisms to compromise IT networks, which included brute force attacks, SQL injections, stolen credentials and phishing emails with malicious attachments. Once on the network, they would focus on moving laterally, “deploying malware such as Trickbot, or post-exploitation frameworks such as Cobalt Strike or PowerShell Empire, to stay undetected and gain further access,” claims Europol.

The tricky part is that the criminals would lie undetected in the compromised systems for months, “probing the IT networks for more weaknesses before moving on to monetising the infection by deploying a ransomware,” such as LockerGoga, MegaCortex and Dharma.

Read more: 12 TARGETED FOR INVOLVEMENT IN RANSOMWARE ATTACKS AGAINST CRITICAL INFRASTRUCTURE by Europol