Police Arrest Two Ransomware Suspects in Ukraine in International Operation

On October 4th, Europol announced a coordinated law enforcement operation against a major ransomware criminal gang. The operation, which took place on September 28th, involved the FBI Atlanta Field Office, French National Police, and the National Police of Ukraine. It resulted in two people being arrested in Ukraine, seven property searches, seizure of $357,000 USD in cash, seizure of two luxury vehicles worth over $250,000 USD, and freezing of $1.3 million USD in cryptocurrencies. The criminal organization is suspected of having attacked very large industries in North America and Europe to steal sensitive information, encrypt files, and demand an extortion payment in return for the key to decrypt the files. This pattern of activity is common among many ransomware gangs, and Europol has not yet revealed which ransomware group the individuals were associated with. The National Police of Ukraine released a YouTube video with scenes from the search operation showing seizure of computers and cash, along with a public statement about the case.

Analyst Notes

Ransomware is a threat to companies of all sizes, and the best defense is still early detection and prevention. Use security monitoring systems and skilled analysts in a Security Operations Center to detect the early stages of any malware or computer intrusion and stop it before the threat actors have time to gain administrator access and fully take over the victim company’s servers. Whenever a threat is detected and stopped, and company policy allows it, share the information about the attempted attack with law enforcement (typically the FBI or US Secret Service in the United States); those tips from the public are crucial for starting investigations that can eventually lead to the identification and arrest of the criminals responsible. Sharing anonymized information with other companies about how the attack happened can also help them detect attacks more accurately and stop them in the early stages. Ransomware gangs won’t stop attacking until they are brought to justice, but sharing information about attackers with law enforcement and the information security community can help many companies avoid becoming victims in the future.