Heimdal

A 28-year-old Russian man has been taken into custody by the Ukrainian cyber police in Kyiv for his involvement in the Conti and LockBit ransomware operations, where he made the groups' malware undetectable by antivirus software and carried out at least one attack personally.

The Dutch police, who had responded to a ransomware attack and subsequent data-theft extortion against a Dutch multinational, provided information in support of the investigation.

As part of the law enforcement operation known as “Operation Endgame,” which targeted and eliminated multiple botnets and their primary controllers, the individual was taken into custody on April 18, 2024.

Details About the Campaign

Because the Conti ransomware group used some of those botnets to gain initial access to breached endpoints, the authorities were led to the Russian threat actor.

According to the Ukrainian authorities, the detained person specialised in creating custom crypters that were used to conceal ransomware payloads inside files that appeared benign, rendering the payloads FUD (fully undetectable) and evading detection by well-known antivirus software.

The accused also worked as an affiliate to maximise his profit: the Dutch authorities verified at least one instance in 2021 of him orchestrating a ransomware attack using a Conti payload.

As part of the pre-trial investigation, police, together with patrol officers of the special unit “TacTeam” of the TOR DPP battalion, conducted a search in Kyiv… Additionally, at the international request of law enforcement agencies in the Netherlands, a search was conducted in the Kharkiv region.

Ukrainian Police on the Situation (Source)

The police seized mobile phones, computer equipment, and handwritten notes for further examination. The investigation into the activities of the threat actor and the extent of his actions in the Conti and LockBit attacks is currently underway.

Charges under Part 5 of Article 361 of the Ukrainian Criminal Code (unauthorised interference in the work of information, electronic communication, information and communication systems, and electronic communication networks) have already been brought against the suspect, who could spend up to 15 years in prison if found guilty.


Author Profile

Cristian Neagu

CONTENT EDITOR
