Ukraine Arrests Cryptor Specialist Aiding Conti and LockBit Ransomware


In a major victory against ransomware operators, Ukrainian police have apprehended a Ukrainian national suspected of aiding the notorious ransomware groups, Conti and LockBit for monetary gains.

 The arrest, which took place on April 18, 2024, is part of a wider operation dubbed “Operation Endgame,” and was made possible with the collaboration of Team High Tech Crime (THTC) of Unity National Operations and Interventions, the Netherlands. However, the announcement about the suspect was only revealed earlier today by Ukrainian authorities in a press release.

The 28-year-old man from Kyiv was identified after an investigation from the National Public Prosecutor’s Public Prosecutor’s Office was launched. Reportedly, the unauthorized Ukrainian hacker penetrated a Dutch company’s computer network and the company reported the incident in 2021. The company has been notified of the arrest and the course of action. 

The suspect specialized in developing cryptors. Russian Conti group used Kyivan’s services for a reward in cryptocurrency to disguise the “Conti-malware” encryption virus to infiltrate the Dutch company’s computer networks. By the end of 2021, the group infected the company’s computer networks in the Netherlands and Belgium with hidden malware, rendering them unusable, and demanded a ransom for decrypting the data. 

The significance of this arrest lies in the suspect’s expertise. He allegedly specialized in crafting custom crypters – tools used to disguise malicious ransomware payloads as legitimate files. These crypters effectively bypassed traditional antivirus software, allowing the ransomware to operate undetected within compromised networks. Evidence suggests he sold his crypting services to both Conti and LockBit, significantly enhancing their ability to launch successful attacks.

Police and the special unit “TacTeam” of the TOR DPP battalion conducted a pre-trial investigation in Kyiv and the suspect’s native Kharkiv region, seized computer equipment, mobile phones, and draft records.

The investigation is ongoing, with the suspect being declared under part 5 of Art. 361 of the Criminal Code of Ukraine, which provides up to 15 years of imprisonment. Additional legal qualifications may be possible.

This is a promising development as the arrest sends a strong message to cybercriminals that their activities will not go unpunished. The information collected from the investigation could lead to further arrests and the dismantling of additional elements of these groups.

The apprehended individual’s expertise may provide valuable insights into the technical workings of these cybercriminal organizations, aiding in the development of more powerful security solutions.

  1. Someone published Conti ransomware gang’s insider data online
  2. Conti ransomware gang apologized to Arab Royals over data leak
  3. Members of the infamous Egregor ransomware arrested in Ukraine
  4. Husband and wife among ransomware operators arrested in Ukraine
  5. LockBit Ransomware Boss Unmasked as Dmitry Yuryevich Khoroshev





Source link