Ukraine Authorities detain a hacker responsible for creating a crypter used in Conti and LockBit ransomware scheme
June 12, 2024
Ukraine’s cyber police have apprehended a Russian individual for his involvement in creating the crypter component utilized in the operations of Conti and LockBit ransomware.
The Ukrainian cyber law enforcement took into custody a 28-year-old Russian man who was behind the development of a crypter utilized in Conti and LockBit ransomware operations.
The individual was apprehended in Kyiv on April 18, 2024, as part of the international operation known as ‘Operation Endgame.’
A crypter is software used to disguise or encrypt malicious code to evade detection by antivirus solutions and other security mechanisms. These tools obscure malware by converting it into an unreadable format and are packaged with a decryption mechanism that can restore the original malicious code upon execution. Crypters play a vital role in the cybercrime domain by allowing malware creators to bypass security measures.
“Law enforcement discovered that the suspect specialized in the development of cryptors (derived from the English term crypt – hiding place) – specialized software designed to mask computer viruses as benign files.” according to the statement released by the Ukrainian cyber police. “Using his programming skills, the individual was able to conceal malicious software from mainstream antivirus programs.”
The Ukrainian authorities received support from the Dutch police after a ransomware attack impacted a Dutch enterprise.
Authorities identified the Russian hacker collective that received cryptocurrency for disguising the “Conti-malware” encryptor. By the end of 2021, a cybercrime faction executed the ransomware attack on the networks of companies in the Netherlands and Belgium, demanding a ransom for decrypting the infected systems.
“A notification from the NCSC (National Cyber Security Center) alerted authorities, who subsequently confirmed that the Ukrainian individual infected a Dutch company’s networks with Conti’s malware in 2021; a hacking group that trades ransomware. Consequently, the company’s data was encrypted and rendered inaccessible.” reports the Dutch Police. “The group demanded a ransom to restore access to the company’s data and prevent its exposure. The Dutch enterprise filed a complaint with the authorities in 2021, which allowed Team High Tech Crime to advance with the investigation.”
The cyber police uncovered that the Russian hacker supported the Russian cybercrime entities “LockBit” and “Conti.” Together with the “TacTeam” special forces unit, the police conducted searches in Kyiv and, at the request of Dutch law enforcement, another search in the Kharkiv region, seizing computer equipment, mobile devices, and preliminary documents.
The investigation is ongoing, and the suspect has been charged under section 5 of Article 361 (Unauthorized interference in the operation of information (automated), electronic communication, information and communication systems, electronic communication networks) of the Ukrainian Criminal Code. The individual could face up to 15 years in prison, with the possibility of additional legal ramifications.
Connect with me on Twitter: @securityaffairs, Facebook, and Mastodon
(SecurityAffairs – hacking, LockBit ransomware)
About Author
