Law enforcement agencies in Ukraine and Germany have identified two members of a Russian-affiliated ransomware group and carried out searches in western Ukraine.
[Image: Search (Source: Cyber Police of Ukraine)]
Investigators also named the alleged organizer, a Russian national, and placed him on an international wanted list through INTERPOL. Foreign law enforcement agencies said the individual may have connections to activity associated with the Conti ransomware operation.
Technical roles inside the group
According to investigators, the two suspects specialized in technical intrusion activities used to prepare ransomware attacks. Their role centered on password extraction from protected systems using specialized software.
After obtaining employee credentials, group members accessed internal corporate systems and elevated account privileges inside company networks. Investigators said this access enabled further compromise of internal infrastructure.
During the searches, police seized digital storage devices and cryptocurrency assets that investigators linked to the activity.
Targets and financial impact of the attacks
Law enforcement agencies stated that the group targeted companies, institutions, and public authorities across economically developed Western countries. Between 2022 and 2025, investigators attributed attacks against hundreds of organizations to the group, with reported losses reaching hundreds of millions of euros.
The investigation involved cooperation among agencies in Ukraine, Germany, Switzerland, the Netherlands, and the United Kingdom, with support from Europol. Ukrainian police previously carried out related searches in Kharkiv and surrounding regions at the request of international partners.
