THE HAGUE: US, European and Ukrainian police have arrested a ringleader of a notorious hacker gang operating from Ukraine which used ransomware to fleece hundreds of millions of euros from their victims, Europol said on Nov 28.

Law enforcement officers swarmed 30 properties in western and central Ukraine including in Kyiv and Cherkasy on the Dnipro River, as well as Vinnytsa and Rivne last Tuesday, the Hague-based Europol said.

"In an unprecedented effort, law enforcement and judicial authorities from seven countries have joined forces with Europol and Eurojust to dismantle and apprehend in Ukraine key figures behind significant ransomware operations," it said in a statement.

"The operation comes at a critical time as the country grapples with the challenges of Russia's military aggression against its territory," Europol added.

Police arrested a 32-year-old man alleged to have been a ringleader in the gang, as well as four accomplices.

More than 20 investigators from France, Germany, Norway and the United States were deployed to Kyiv to help local police.

Meanwhile Europol set up a virtual command post in The Netherlands to analyse data seized during the Ukrainian house searches in real time.

The latest arrests follow police action in 2021 in which 12 suspected ransomware gang members were arrested in Ukraine and Switzerland.

Ransomware attacks typically access vulnerable computer systems and encrypt or steal data, before sending a ransom note demanding payment in exchange for decrypting the data or not releasing it publicly.

In this case the hackers focused their attacks against organisations in 71 countries, infecting some 250 servers "resulting in losses exceeding several hundreds of millions of euros”.

"These cyber actors are known for specifically targeting large corporations, effectively bringing their business to a standstill," Europol said.

The gang members played different roles, some breaking into networks, others laundering the cryptocurrency payments made by the victims to have their files decrypted.

"Once inside the networks, the attackers remained undetected and gained additional access using other tools in order to compromise as many systems as possible before triggering ransomware attacks," Europol said. – AFP