Ransomware gang dismantled by Europol after string of raids across Ukraine

News
By published

Five individuals arrested after a joint effort spearheaded by Europol

Ransomware attack on a computer
(Image credit: Kaspersky)

An international team of law enforcement agents, spearheaded by Europol, arrested five individuals allegedly involved in multiple ransomware attacks.

As part of the arrests, the police also raided multiple properties and confiscated computers, cars, bank cards, SIM cards, various items of electronic media, and roughly $110,000 in cryptocurrencies.

According to TechCrunch, those arrested were part of a cyber gang performing attacks from within Ukraine, with the groups leader (32) also being arrested during the raids.

Reader Offer: $50 Amazon gift card with demo

Reader Offer: $50 Amazon gift card with demo
Perimeter 81's Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

Preferred partner (What does this mean?

Years-long investigation

While neither the group, nor the individuals, were named, the police did state that they used LockerGoga, MegaCortex, Hive, and Dharma ransomware variants, with more than 1,800 people worldwide being affected by the attacks.

The police accuse them of encrypting more than 250 servers belonging to large corporations and extorting “several hundred million euros” from their victims.

There were more than 20 agents involved in the investigation, including those in Norway, France, Germany, the United States, and Ukraine - where the arrests were made.

According to Europol, the arrests were a continuation of a 2021 investigation that resulted in the arrest of 12 individuals in Ukraine and Switzerland with these arrests directly contributing to the discovery of the individuals arrested in Ukraine.

Ransomware is currently one of the most disruptive forms of cybercrime out there. The majority of SMBs and enterprises out there have either experienced a ransomware attack in the last couple of years or are expecting to suffer one in the coming months. 

In the attack, the threat actors would first sneak their way past the company’s defenses (either via a stolen/leaked credential, dropping malware via a zero-day vulnerability in different hardware and software, or similar), map out the endpoints on the network, and scan for cloud services. 

Then, they would exfiltrate sensitive data and deploy a decryptor which would lock the company out of all of its digital assets. Finally, the threat actors would demand payment in cryptocurrency, in exchange for the decryption key and for not leaking the stolen data.

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Ransomware
8base ransomware site taken down in global police operation
Cryptocurrencies
Ransomware’s favorite Russian crypto exchange seized by law enforcement
Cyber crime concept with man in handcuffs
Global police operation takes down major cybercrime and hacking forums
Code Skull
Interpol operation arrests 300 suspects linked to African cybercrime rings
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted."
More reports claim 2024 was the worst year for ransomware attacks yet
Latest in Security
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
China
Notorious Chinese hackers FamousSparrow allegedly target US financial firms
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
Latest in News
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
Toni Collette in Hereditary
Everything leaving Netflix in April 2025 – from the scariest movie ever made to a beloved DreamWorks animation with 99% on Rotten Tomatoes
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Close up of Leica M11-P viewfinder
I wince at the prospect of the rumored Leica M11-V – here's why
More about security
Sam Altman and OpenAI

OpenAI is upping its bug bounty rewards as security worries rise
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.

Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
Toni Collette in Hereditary

Everything leaving Netflix in April 2025 – from the scariest movie ever made to a beloved DreamWorks animation with 99% on Rotten Tomatoes
See more latest
Most Popular
Toni Collette in Hereditary
Everything leaving Netflix in April 2025 – from the scariest movie ever made to a beloved DreamWorks animation with 99% on Rotten Tomatoes
Close up of Leica M11-P viewfinder
I wince at the prospect of the rumored Leica M11-V – here's why
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
HP ZBook Ultra G1a
HP's ridiculously fast Ryzen AI Max+ Pro 395 laptop with 128GB RAM goes on sale everywhere in the US, but it won't be cheap
A mobile phone showing the Signal logo in front of a screen showing the app
Signalgate explained: what is Signal, and how secure is the messaging app?
Asus Ascent GX10 Rear
Asus's more affordable version of Nvidia's uber-popular Project Digits snapped at GTC 2025
iPhone 13 mini
The iPhone mini won't be returning, according to rumors – and you think that's a mistake
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools