Tag Archive for: Europol

Europol Dismantles Ragnar Locker Ransomware Infrastructure, Nabs Key Developer



Europol on Friday announced the takedown of the infrastructure associated with Ragnar Locker ransomware, alongside the arrest of a “key target” in France.

“In an action carried out between 16 and 20 October, searches were conducted in Czechia, Spain, and Latvia,” the agency said. “The main perpetrator, suspected of being a developer of the Ragnar group, has been brought in front of the examining magistrates of the Paris Judicial Court.”

Five other accomplices associated with the ransomware gang are said to have been interviewed in Spain and Latvia, with the servers and the data leak portal seized in the Netherlands, Germany, and Sweden.

The effort is the latest coordinated exercise involving authorities from Czechia, France, Germany, Italy, Japan, Latvia, the Netherlands, Spain, Sweden, Ukraine, and the U.S. Two suspects associated with the ransomware crew were previously arrested in Ukraine in 2021. A year later, another member was apprehended in Canada.

Ragnar Locker, which first emerged in December 2019, is known for a string of attacks targeting critical infrastructure entities across the world. According to Eurojust, the group has committed attacks against 168 international companies worldwide since 2020.

“The Ragnar Locker group was known to employ a double extortion tactic, demanding extortionate payments for decryption tools as well as for the non-release of the sensitive data stolen,” Europol said.


Ukraine’s Cyber Police said it conducted raids at one of the suspected members’ premises in Kyiv, confiscating laptops, mobile phones and electronic media.

The law enforcement action coincides with the Ukrainian Cyber Alliance (UCA) infiltrating and shutting down the leak site run by the Trigona ransomware group and wiping out 10 of the servers, but not before exfiltrating the data stored in them. There is evidence to suggest that the Trigona actors used Atlassian Confluence for their activities.

Just as the dismantling of Hive and Ragnar Locker represents ongoing efforts to tackle the ransomware menace, so are the initiatives undertaken by threat actors to evolve and rebrand under new names. Hive, for instance, has resurfaced as Hunters International.

The development…


Europol Captures 12 Behind Ransomware Attacks on 1,800 Victims



The fight against ransomware attacks continues, this time on the other side of the Atlantic. Following a two-year investigation, Europol announced this week that it had captured 12 individuals in various criminal organizations who were “wreaking havoc across the world” by launching ransomware attacks on critical infrastructure.

According to Europol, the suspects are believed to have carried out attacks affecting more than 1,800 victims in 71 countries. The group is known for targeting large businesses and is suspected to have been behind an attack on Norsk Hydro—a global aluminum manufacturer based in Norway—in 2019, which forced it to stop production across its factories in two continents. The attack paralyzed Norsk Hydro for almost a week and cost the company more than $50 million.

Europol seized more than $52,000 in cash from the suspects as well as five luxury vehicles. The agency is currently performing a forensic analysis on the group’s electronic devices to “secure evidence and identify new investigative leads.”

The international sting was coordinated by Europol and Eurojust, the European Union’s agency for criminal justice cooperation, and included authorities from eight different countries, including the U.S. and the UK. It took place in Ukraine and Switzerland on Oct. 26, Europol said in a news announcement.

It’s not clear whether the suspects in question have been arrested or charged, with Europol only saying they were “targeted.”

“Most of these suspects are considered high-value targets because they are being investigated in multiple high-profile cases in different jurisdictions,” the agency said.

Each of the cybercriminals had different roles in the criminal organizations. Some were in charge of penetrating the victims’ IT networks and did so using various means, including brute force attacks, SQL injections, stolen credentials, and phishing emails with malicious attachments.

Others got to work once their pals had accessed victims’ IT networks. After the fact, they would deploy malware, such as Trickbot, and other tools to help them stay under the radar and gain further…


Get more proactive on cyber security, says ex Europol chief – ComputerWeekly.com


Business needs to get more proactive, collaborative, resilient and analytical to manage cyber risks posed by cyber criminals down to acceptable levels, says …
