Cyberpolice exposes hacker group for spreading encryption virus and inflicting half a billion dollars in damage to foreign companies

Cybercrime and cybersecurity 16.06.2021 11:30
Using the malicious program "Clop", the defendants encrypted data on the storage media of companies in the Republic of Korea and the United States and then demanded money to restore access.

The hacker group was exposed by officers of the Cyberpolice Department together with the Main Investigation Department of the National Police. The perpetrators were exposed during an international operation carried out with the support and coordination of Interpol (IGCI), together with law enforcement officials from the Republic of Korea and the United States.

It was established that six defendants carried out attacks with malicious software of the "ransomware" type on the servers of American and Korean companies. They demanded a "ransom" to decrypt the data and, in case of non-payment, threatened to disclose the victims' confidential data.

Thus, in 2019, four Korean companies were attacked with the Clop encryption virus, as a result of which 810 internal servers and employees' personal computers were blocked. The hackers sent e-mails with a malicious file attached to the mailboxes of company employees. Once the infected file was opened, the program sequentially downloaded additional programs from a distribution server and fully infected the victims' computers with the remotely controlled program "Flawed Ammyy RAT".

Using this remote access, the suspects launched the malicious software "Cobalt Strike", which gathered information about vulnerabilities on the infected servers for further compromise of the network. The attackers received the "ransom" for decrypting the information in cryptocurrency.

In 2021, the defendants attacked and encrypted employees' personal data and financial reports of the Stanford University School of Medicine, the University of Maryland and the University of California.

Unlike common ransomware attacks, which indiscriminately encrypt a large number of unspecified PCs and servers, an Advanced Persistent Threat (APT) attack is aimed at a specific victim's computer network and infects the entire system with the ransomware program.

The total damage reaches $500 million.

Working together, law enforcement managed to shut down the infrastructure from which the virus was spread and to block the channels used to launder the criminally acquired cryptocurrency.

Law enforcement officers conducted 21 searches in the capital and the Kyiv region, at the homes of the defendants and in their cars. A tactical and operational response unit of the Patrol Police was involved in the searches. Computer equipment, cars and about 5 million hryvnias in cash were confiscated, and the perpetrators' property was seized.

A criminal case has been opened under Part 2 of Art. 361 (Unauthorized interference in the operation of computers, automated systems, computer networks or telecommunications networks) and Part 2 of Art. 209 (Legalization (laundering) of property obtained by criminal means) of the Criminal Code of Ukraine. The defendants face up to eight years in prison. Investigative actions continue.

© Official website of the National Police: https://www.npu.gov.ua/news/kiberzlochini/kiberpolicziya-vikrila-xakerske-ugrupovannya-u-rozpovsyudzhenni-virusu-shifruvalnika-ta-nanesenni-inozemnim-kompaniyam-piv-milyarda-dolariv-zbitkiv/