Police authorities cracked down on a longstanding ransomware criminal group that caused major disruptions in critical infrastructure firms in Europe and the U.S. over the past few years, including at Norwegian industry giant Norsk Hydro and French consultancy Altran.
The cybercriminal group, known for using ransomware called LockerGoga, caused “aggressive disruption” at “high-stake targets,” European law enforcement agency Europol said in a statement on Friday. Twelve individuals were targeted in Ukraine and Switzerland, it said, adding these people “are being investigated in multiple high-profile cases in different jurisdictions.”
It’s the latest in a streak of crackdowns on ransomware groups, who use malware to take over organizations’ IT systems, lock staff out of their computers and demand a ransom in return for access. The threat rose to the top of officials’ agendas this year after devastating attacks disrupted U.S. oil supply and ground Irish hospitals to a halt in May.
The U.S. administration this month gathered more than 30 countries including France, Germany, the EU and others to fight the problem, pledging “urgent action,” including through joint investigations and cracking down on the cryptocurrency money flows hackers use to cash in payments.
Europol did not disclose the names of victims, but the group using LockerGoga ransomware was previously reported to be behind attacks on Norwegian aluminum manufacturing company Norsk Hydro in March 2019 and French industrial consultancy group Altran in January 2019. It also hit U.S. chemical companies Hexion and Momentive, according to cybersecurity researchers.
The LockerGoga gang infiltrated organizations using phishing emails and stolen credentials, and “would then lay undetected in the compromised systems, sometimes for months, probing for more weaknesses in the IT networks before moving on to monetizing the infection by deploying a ransomware,” Europol said.
The attacks caused major outages of victims’ IT infrastructure. In the case of Norsk Hydro, the firm had to switch to operating its installations manually, while Altran shut down IT systems for its operations in several European countries in order to respond to the attack.
In total, the criminals affected over 1,800 victims across 71 countries, Europol said. It’s unclear how much money the criminals made with their attacks; Europol said it seized $52,000 (€44,500) in cash and five luxury vehicles.
The crackdown operation was initiated by French police, who started working with Norway, the U.K. and Ukraine in 2019 to hunt down the cybercriminals. Dutch and U.S. authorities also worked on an investigation into the same group. Germany and Switzerland cooperated in the action, and it was supported by EU agency Eurojust.
The operation came to a head this month, when authorities deployed more than 50 investigators to Ukraine to bust the gang early on Tuesday.