Europol detains hackers behind 2019 Norsk Hydro ransomware attack

Since 2019, Europol and its law enforcement partners have dismantled a network of organized cybercriminals responsible for a run of ransomware attacks that have claimed the lives of over 1,800 people in 71 countries. Following a two-year investigation, the EU’s police agency said on Friday that 12 people had been “targeted” in searches in Ukraine and Switzerland this week. The agency has yet to respond to our request for further information, and it has not said whether anybody has been detained or prosecuted.

According to Europol, the unknown people were “known for especially targeting huge firms, essentially knocking their business to a halt.” LockerGoga was one of the ransomware strains employed by the gang, which was also used in the March 2019 attack on Norwegian aluminum manufacturer Norsk Hydro. Norsk Hydro lost more than $50 million because of the hack, which prompted the company’s factories on two continents to shut down for about a week. Norway’s National Criminal Investigation Service, or Kripos, verified the targeted persons were responsible for the Norsk Hydro assault in a separate news statement.

To stay undiscovered and obtain additional access, the hackers used ransomware MegaCortex and Dharma, as well as malware like TrickBot and post-exploitation tools like Cobalt Strike and PowerShell Empire, according to Europol. “The perpetrators would then remain unnoticed in the infected systems for months, looking for further flaws in the IT networks before monetizing the infection by installing ransomware,” according to Europol. Although Europol claimed it confiscated $52,000 in cash and five luxury automobiles, it is unknown how much money the crooks gained from their attacks.

“The majority of these suspects are deemed high-value targets since they are being investigated in many high-profile instances across various jurisdictions,” Europol stated. “In these professional, highly organized criminal groups, the intended suspects all had distinct responsibilities.” “They would pass the Bitcoin ransom money through mixing providers, before cashing out the ill-gotten earnings,” Europol stated. Europol claimed that law enforcement agencies from Norway, France, the United Kingdom, Switzerland, Germany, Ukraine, the Netherlands, and the United States took part in the operation this week, with more than 50 international investigators dispatched to Ukraine on October 26 to hunt for cybercriminals.