
Law Enforcement Hunts Ransomware Gang Behind Major Losses

Summary

– Ukrainian and German law enforcement identified two members of a Russian-affiliated ransomware group and conducted searches in western Ukraine.
– They also named a Russian national as the alleged organizer, placing him on an INTERPOL wanted list for potential connections to the Conti ransomware operation.
– The two suspects specialized in technical intrusions, extracting passwords to access and elevate privileges within corporate networks.
– The group targeted companies and public authorities in Western countries, causing hundreds of millions of euros in losses from hundreds of attacks between 2022 and 2025.
– The international investigation involved agencies from Ukraine, Germany, Switzerland, the Netherlands, and the UK, with support from Europol.

A coordinated international law enforcement effort has led to significant progress in dismantling a major ransomware operation. Authorities in Ukraine and Germany have successfully identified two key members of a Russian-affiliated cybercrime group, executing search operations in western Ukraine. Investigators also named the alleged organizer, a Russian national, and placed him on an international wanted list through INTERPOL. This individual is believed to have connections to the notorious Conti ransomware syndicate, signaling a targeted strike against a sophisticated and damaging criminal network.

The two apprehended suspects played critical technical roles within the organization. Their expertise lay in the initial stages of intrusion, specifically focused on password extraction from protected systems using specialized software. By harvesting legitimate employee credentials, they could seamlessly access corporate networks. Once inside, they worked to elevate account privileges, a move that granted them deeper and more persistent control over the victim’s internal infrastructure. This foundational access was essential for the group to deploy ransomware and lock down entire systems.

During the searches, police secured crucial evidence, including digital storage devices and cryptocurrency assets directly linked to the group’s illicit activities. The seizure of these assets represents a direct financial blow to the criminal enterprise, potentially disrupting its operations and funding.

The scale of the group’s criminal campaign was vast. Law enforcement agencies stated that the group targeted companies, institutions, and public authorities across economically developed Western countries. Their attacks, spanning from 2022 into 2025, are believed to have impacted hundreds of organizations. The financial damage inflicted is staggering, with reported losses estimated to reach hundreds of millions of euros for the victims.

This breakthrough is the result of extensive multinational collaboration. The investigation brought together agencies from Ukraine, Germany, Switzerland, the Netherlands, and the United Kingdom, with critical coordination support provided by Europol. This action follows earlier operations, including previous searches in Ukraine’s Kharkiv region conducted at the request of international partners, demonstrating a sustained and widening effort to combat transnational cybercrime. The operation underscores a growing global resolve to pursue ransomware actors aggressively, targeting not just the malware but the individuals and infrastructure behind these costly attacks.

(Source: HelpNet Security)
