Ukraine Law Enforcement Apprehend Individual Connected to LockBit and Conti Ransomware Gangs

June 13, 2024NewsroomDigital Crime / Ransomware

The Cyber Police of Ukraine has disclosed the detention of a local individual suspected of providing support to LockBit and Conti ransomware networks.

The unnamed 28-year-old resident of the Kharkiv region allegedly specialized in developing crypters, tools that encrypt and obfuscate malicious payloads so that they evade detection by security software.

The tool is believed to have been sold to the Conti and LockBit ransomware groups, which used it to disguise their file-encrypting malware and carry out successful intrusions.

“Towards the conclusion of 2021, participants of the [Conti] organization infected corporate networks in the Netherlands and Belgium with concealed malware,” a translated excerpt from the official statement revealed.

During the investigation, law enforcement conducted raids in Kyiv and Kharkiv, seizing computers, phones, and notebooks. If convicted, the defendant faces up to 15 years of imprisonment.

The news of the apprehension was also confirmed by the Dutch Politie, which mentioned that the person was detained as part of Operation Endgame on April 18, 2024.


“The Conti organization utilized various botnets that were also the focus of investigations within Operation Endgame,” as stated by the Politie in a recent announcement.

“Through this method, the Conti group managed to infiltrate the systems of multiple enterprises. By targeting not only the individuals behind the botnets but also those behind the ransomware incidents, a significant blow has been dealt to this form of cybercrime.”

In recent months, law enforcement agencies have carried out a series of arrests and takedowns to combat cyber threats. Just last month, the U.S. Department of Justice announced the arrest of a Taiwanese national named Rui-Siang Lin for his involvement in running an illicit dark web drug marketplace called Incognito Market.

Lin is also accused of having launched a platform known as Antinalysis in 2021 under the pseudonym Pharoah, a website designed to analyze blockchain data and allow users to check, for a fee, whether their cryptocurrency was associated with illegal transactions.

The underground marketplace drew attention earlier this March when its website went offline in an exit scam, only to resurface days later with a demand for payment from all vendors and buyers, threatening to expose cryptocurrency transactions and chat logs unless a ransom ranging from $100 to $20,000 was paid.

“For nearly four years, Rui-Siang Lin allegedly operated ‘Incognito Market,’ one of the largest online platforms for narcotics sales, conducting $100 million in illicit narcotics transactions and reaping millions of dollars in personal profits,” stated James Smith, the assistant director in charge of the FBI New York field office.


“Operating under the veil of anonymity, Lin’s alleged enterprise facilitated the sale of dangerous substances and counterfeit prescription drugs on a global scale.”

Based on data from blockchain analysis firm Chainalysis, darknet markets and fraudulent vendors generated $1.7 billion in revenue during 2023, rebounding from the previous year following the shutdown of Hydra in early 2022.

These developments coincide with GuidePoint Security’s revelation that a current member of the RansomHub ransomware group, previously affiliated with BlackCat, also has ties to the notorious Scattered Spider gang, evident through observed similarities in tactics, techniques, and procedures (TTPs).

This includes using social engineering to carry out account takeovers by calling help desk personnel to initiate password resets, and targeting CyberArk to steal credentials and enable lateral movement.

“Educating users and enforcing procedures to verify caller identities are the most effective strategies in countering this approach, which would typically go unnoticed unless flagged by employees,” the organization stated.
