Ragnar Locker Ransomware Dev Arrested In France
Read also: India busts fake Microsoft and Amazon call centers, Vastaamo hacker charged with over 30,000 counts of computer crimes, and more.
Thursday, October 26, 2023
Ragnar Locker ransomware op dismantled. “Key target” arrested in France
Law enforcement agencies from eleven countries joined forces to dismantle the Ragnar Locker ransomware operation known for its targeting of critical infrastructure, businesses and organizations worldwide.
The police conducted raids between 16 and 20 October 2023, in Czechia, Spain and Latvia and detained five suspects. Searches were also carried out in Kyiv, Ukraine, at a suspect’s home, with police officers confiscating laptops, mobile phones and “electronic storage devices.”
Simultaneously, Ragnar Locker’s developer, described by Europol as “key target,” was arrested in Paris. The authorities in the Netherlands, Germany and Sweden seized the ransomware’s infrastructure, including the group’s dark web data leak site.
Ragnar Locker, which has been in operation since 2019, employed a double extortion tactic, involving threat actors stealing a victim’s sensitive data in addition to encrypting it. Since 2020, the gang has targeted over 160 companies across Europe and the US demanding exorbitant ransoms ranging from $5 million to $70 million. To further intimidate their victims, the operators of Ragnar Locker threatened to leak their data if they hire negotiators, stating it would be considered a hostile act.
Request your free demo now and talk to our experts.
India busts a massive tech support scam operation impersonating Microsoft and Amazon
Indian authorities have raided multiple call centers in 76 locations across the country involved in tech support scams impersonating global tech giants Microsoft and Amazon.
As part of the operation named “Operation Chakra-II,” 32 mobile phones, 48 laptops, hard disks, images of two servers, 33 SIM cards, and pen drives were seized and numerous bank accounts were frozen, India’s Central Bureau of Investigation (CBI) said. The authorities said they also seized a dump of 15 email accounts.
The fraudulent call centers exploited well-known brands such as Microsoft and Amazon to fool victims into installing malware or other unwanted software that can steal data or damage the device.
According to Microsoft, the scam operation targeted more than 2,000 people in the US, Canada, Germany, Australia, Spain, and the UK.
Cybercriminal gang that made over €3M via smishing, phishing and vishing neutralized in Spain
Spain’s National Police arrested 34 people suspected of their involvement in a major organized crime ring that made at least €3 million through various deception schemes. Those included smishing, phishing and vishing, 'son in distress' scams, shipping scams and vishing campaigns where fraudsters posed as employees of electric firms.
The investigation into the group was launched at the beginning of 2023 after Spanish cybercops identified a criminal network that illegally accessed customer databases of various financial institutions. The scammers added funds to the client accounts and then contacted those individuals asking them to return the money claiming the funds were added erroneously. The crooks provided payment instructions, including a link leading to a phishing site that captured victims’ banking details.
The group also hacked into corporate databases stealing information on more than four million people. This data was then used to carry out phishing and vishing campaigns. Additionally, the group offered for sale phishing tools on cybercrime forums.
The leaders of the gang used fake documents and spoofing techniques to hide their identities. The police conducted 16 searches across Madrid, Málaga, Huelva, Alicante and Murcia provinces, seizing a database containing information of four million people, “computer and electronic material valued at thousands of euros,” as well as €80,000 in cash, luxury vehicles and other items.
Vastaamo psychotherapy center hacker charged with over 30,000 counts of computer crimes
A preliminary hearing started in Finland for Aleksanteri “zeekill” Kivimäki (formerly known as Julius Kivimäki), a 26-year-old former Lizzard Squad member accused of breaching a Helsinki-based private psychotherapy center and extorting its clients.
The 2018 Vastaamo breach, which came to light only in 2020, saw the private treatment records of tens of thousands of patients stolen. After hacking the psychotherapy center’s database and stealing information, Kivimäki demanded more than €360,000 in bitcoin from Vastaamo in exchange for not leaking the records.
However, the company refused to pay. Kivimäki then tried to blackmail Vastaamo patients into paying him sums ranging from €200 to €500 to prevent their private information from being leaked. The breach is said to affect 30,000 people.
Kivimäki was arrested in France in February 2023 and extradited to Finland. Kivimäki, who is in pre-trial detention, has been charged with over 30,000 counts related to aggravated data breaches, the leak of private information and blackmail. The main hearing is scheduled to begin on November 13, 2023. The hacker could face a seven-year prison sentence if found guilty.
French court sets free two Spanish hackers accused of 200 attacks as “investigation had no credibility”
A French court has freed two Spanish ransomware actors that targeted 26 French companies, including logistics and transportation firms, causing millions of euros in losses.
Aged 26 and 28, the two suspects were arrested in Madrid, Spain, last year. French prosecutors alleged that the duo used the Babuk ransomware to launch more than 200 attacks against organizations worldwide.
The two suspects were accused of running a hacking group that breached corporate systems using social engineering techniques, phishing emails or by exploiting security vulnerabilities.
In a court trial, the defense cast doubts on the police investigation, arguing that it is conjecturing rather than proving and that the number of victims is much smaller, “with amounts of money requested that did not reach 5,000 euros.”
What’s next:
- Join our upcoming webinars
- Follow ImmuniWeb on Twitter, LinkedIn and Telegram
- Explore 20 use cases how ImmuniWeb can help
- Browse open positions to join our great Team
- See the benefits of our partner program
- Request a demo, quote or special price
- Subscribe to our newsletter
Key Dutch has been working in information technology and cybersecurity for over 20 years, starting his first job with Windows 95 and dial-up modems. As the Editor-in-Chief of our Cybercrime Prosecution Weekly blog series, he compiles the most interesting news about police operations against cybercrime, as well as about regulatory actions enforcing data protection and privacy law. 
