Enlarge image
An illuminated computer keyboard (symbol picture)
Photo: Nicolas Armer / dpa
A few days ago, international investigators carried out a heavy blow against a group of globally operating cybercriminals, as Europol and the European judicial authority Eurojust announced on Friday in The Hague.
Twelve alleged key figures have been identified.
The suspects are said to be responsible for "devastating cyberattacks" on large companies and important infrastructures.
The two European investigative authorities assume that there are more than 1,800 victims in 71 countries.
The investigators had accessed on Tuesday in Ukraine and Switzerland. When the suspects' homes were searched, 52,000 euros in cash and five luxury cars were seized. The electronic devices seized in the course of the operation are currently being forensically examined to secure evidence and identify new leads.
The suspects were reported to have various functions in what is known as the "highly professional" criminal organization.
According to this, some were responsible for finding weak points in the protective measures of computer networks and using them to establish access to the networks.
To do this, they used different attack methods, such as brute force attacks, in which computers independently try thousands or millions of combinations of usernames and passwords.
They would also have obtained access data from authorized network users via phishing emails.
more on the subject
Notorious ransomware group: German investigators unmask alleged »REvil« backstroke
Ransomware damage worth millions: Suspected online blackmailer arrested in Ukraine
According to the authorities, other criminals subsequently placed malware such as TrickBot in the compromised networks and then spent months searching undetected in the systems for further weaknesses. Only then was ransomware, i.e. ransomware, activated, which encrypted the victims' data and made it unusable. For the release of the decryption codes, high ransom payments in Bitcoin were required. The authorities speak of the "extremely damaging consequences" of the attacks. The perpetrators are said to have used various ransomware variants that are rented out by the respective developers, including LockerGoga, MegaCortex and Dharma.
The victims are said to have included aluminum manufacturer Norsk Hydro, which was infected with ransomware in 2019, which had an impact on production and administration.
Investigators from eight European countries and the USA were involved in the operation coordinated by Europol and Eurojust.
The Reutlingen Police Headquarters was involved from Germany.
mak / dpa
/cloudfront-eu-central-1.images.arcpublishing.com/prisa/H6SX4JB4HJIOMBO3FUP6IGGLUI.jpg)
/cloudfront-eu-central-1.images.arcpublishing.com/prisa/RIEGNR2BRDHJGVEUXQK5ZTXPMI.jpg)
