Ukraine Arrests Hacker Gang, Exposing Multiple Ransomware Schemes

admin, November 29, 2023, 14:05:20

A coordinated law enforcement operation has led to the arrest of key individuals in Ukraine who are alleged to be a part of several ransomware schemes.

"On 21 November, 30 properties were searched in the regions of Kyiv, Cherkasy, Rivne, and Vinnytsia, resulting in the arrest of the 32-year-old ringleader," Europol said in a statement today. "Four of the ringleader's most active accomplices were also detained."

The development comes more than two years after 12 people were apprehended in connection with the same operation. The individuals are primarily linked to LockerGoga, MegaCortex, and Dharma ransomware families.

The suspects are estimated to have targeted over 1,800 victims across 71 countries since 2019. They have also been accused of deploying the now-defunct Hive ransomware against high-profile organizations.

Some of the co-conspirators are believed to be involved in penetrating IT networks by orchestrating brute-force attacks, SQL injections, and sending phishing emails bearing malicious attachments in order to steal usernames and passwords.

Following a successful compromise, the attackers stealthily moved within the networks, while dropping additional malware and post-exploitation tools such as TrickBot, Cobalt Strike, and PowerShell Empire to ultimately drop the file-encrypting malware.

The other members of the cybercrime network are suspected to be in charge of laundering cryptocurrency payments made by victims to decrypt their files.

"The investigation determined that the perpetrators encrypted over 250 servers belonging to large corporations, resulting in losses exceeding several hundreds of millions of euros," Europol said.

The collaborative effort involved authorities from France, Germany, the Netherlands, Norway, Switzerland, Ukraine, and the U.S.

The disclosure comes less than two weeks after Europol and Eurojust announced the takedown of a prolific voice phishing gang by Czech and Ukrainian police that's believed to have netted millions in illegal profits by tricking victims into transferring funds from their 'compromised' bank accounts to 'safe' bank accounts under their control.

It also arrives a month after Europol revealed that law enforcement and judicial authorities from eleven countries dismantled the infrastructure associated with Ragnar Locker ransomware and arrested a "key target" in France.

Originally published on the WeChat official account 知机安全: Ukraine Arrests Hacker Gang, Exposing Multiple Ransomware Schemes

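When reposting, please keep the link to this article (CN-SEC中文网: thanks to the original author for their hard work): Ukraine Arrests Hacker Gang, Exposing Multiple Ransomware Schemes http://cn-sec.com/archives/2251336.html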