December 8, 2021

Arunachal Front

How French Internet investigators took down a large hacker network in Switzerland and Ukraine

Their malicious actions affected 1,800 victims in 71 countries, and their time at large ended at dawn on Tuesday in Operation 5th Element. After a meticulous two-year investigation under Europol, an international team of 50 police officers, including forensic police experts, coordinated the arrest of 12 cybercriminals in Ukraine and Switzerland. They locked up their targets and extorted money from them using powerful “ransomware”, in other words malicious software that encrypts the data of a computer, server, or network belonging to a company or local authority so that it becomes completely unreadable.

Six Europol police officers collaborated with other European and American experts.

The investigation began with a complaint filed by a large French company that was attacked by the LockerGoga ransomware in early 2019. The specialized prosecutor’s office of the Paris TGI referred the case to the Judicial Police, which coordinates investigations into “ransomware”-type cyber-attacks.

Led by the Central Office for the Fight Against Crime Linked to Information and Communication Technologies (OCLCTIC), cyber sleuths from eight countries where the hackers were most active took part in the online investigations: the Netherlands, Norway, Germany, the United Kingdom and the United States, along with the Ukrainian and Swiss police services, to plan the arrests. The European Cybercrime Centre (EC3) held seven coordination meetings in The Hague.

The investigators first went after the C2 server, which controlled and communicated with the malware. An unexpected stroke of luck: it was located in France, and it allowed them to trace their way back to the others. With the help of European experts, they mapped the criminal infrastructure and then analyzed the communication mechanisms between the extortionists and their victims. Finally, they followed the “money trail”, that is, the addresses of the Bitcoin wallets to which the ransom payments were sometimes sent. “The advantage of ID is that it leaves traces that can be traced back,” a police source says with a smile.

Criminal system of experts

Considered to be “high-value targets”, big fish in the cybercrime world, the individuals arrested were part of a genuinely organized gang with well-defined roles. Some were responsible for infiltrating the target computer systems, mainly those of large companies, using all the tools available to hackers: theft of passwords and identities, brute-force attacks or massive “phishing” campaigns.

After gaining initial access, the Ukraine-based criminals used the Trickbot malware and set up in-depth attack tools such as Cobalt Strike. These professionals then moved carefully through their victims’ networks, sometimes remaining hidden for months, before triggering the data encryption and demanding payment of a ransom in Bitcoin to decrypt the data or to avoid its publication on the Internet.

A historical ransomware operator

Investigators suspect they may have used the LockerGoga ransomware, which has been active since 2019 and specializes in attacking industrial systems. But the MegaCortex and Dharma malware were also involved. Before the data was made unreadable without the encryption key, it was first exfiltrated.

Other cybercriminals based in Switzerland took on the task of laundering the ransom money by passing the bitcoins through cryptocurrency mixing services, which can complicate tracing them. They then converted this virtual money into cash. Police recovered $52,000 and confiscated several luxury cars. They placed computers and other electronic devices under seal to gather evidence and intelligence. The total damage is estimated at nearly 100 million euros.