Ukraine Police Exposed Russian Hacker Group Specializing in Ransomware Attacks

Ukrainian and German law enforcement have disrupted a Russian‑affiliated hacker group that has been carrying out high‑impact ransomware attacks against organizations worldwide, causing losses estimated in the hundreds of millions of euros.

According to Ukraine’s Cyber Police and the Main Investigation Department of the National Police, working under the guidance of the Cyber Department of the Prosecutor General’s Office and in cooperation with Germany’s Federal Criminal Police Office (BKA), two members of the group operating from Ukraine have been identified and searched.

Technical Roles in Ransomware Operations

Investigators say the suspects played key technical roles within the ransomware operation. They acted as “hash crackers,” specialists who used dedicated tools to extract and crack password hashes from compromised systems.

After stealing or cracking employee credentials, the attackers allegedly used these accounts to move laterally inside corporate networks, escalate privileges, and gain control over critical infrastructure.

Once inside, the group is believed to have deployed ransomware to encrypt sensitive data and systems and to exfiltrate confidential information.

Then, the extortionists demanded payment for decryption keys and to prevent data leaks.

Searches were carried out at the suspects’ residences in the Ivano-Frankivsk and Lviv regions of Ukraine.

Police seized digital media, devices, and cryptocurrency assets believed to be linked to the illegal activity.

Law enforcement describe the cybercrime group (source: Cyber Police of Ukraine)

As part of a broader joint investigation with Europol, authorities have also identified the alleged organizer, a Russian citizen suspected of creating and leading the group.

Foreign partners report that he may also have ties to the notorious Conti ransomware operation.

On the initiative of Germany’s BKA and the Central Office for Combating Cybercrime (ZIT) in Frankfurt am Main, he has been placed on an international wanted list via Interpol.

Law enforcement agencies describe the gang as one of the most dangerous cybercriminal groups in recent years, targeting companies, institutions, and government bodies in economically developed Western countries between 2022 and 2025.

The case highlights deep international cooperation among Ukraine, Germany, Switzerland, the Netherlands, and the United Kingdom to track, attribute, and disrupt cross-border ransomware operations.
