Ukrainian Police Arrest Group Responsible for Large-Scale Ransomware Attacks Targeting Global Organizations

In a significant breakthrough in the fight against cybercrime, Ukrainian police have apprehended a group of criminals suspected of launching ransomware attacks against numerous large organizations across 70 different countries. The arrests shed light on a highly sophisticated cybercriminal network that had been operating since 2018, causing substantial financial losses and disruption to businesses worldwide.

Background of the hacker group

The origins of this hacker group trace back to 2018, during which they commenced a string of attacks that affected over 1,800 victims in 71 countries. This cybercriminal syndicate had developed techniques and advanced malware strains, demanding ransom payments amounting to hundreds of millions of dollars. Their victims included prominent companies like Norsk Hydro and a Dutch chemical company, resulting in significant financial and operational consequences.

Major attacks and accusations

The Ukrainian police have accused the hacker group of orchestrating large-scale attacks against major organizations, causing substantial disruption and financial losses. Unscrupulously exploiting vulnerabilities within their victims’ networks, the criminals targeted companies such as Norsk Hydro and a Dutch chemical company, inflicting significant damage to their operations and reputation.

Identification and arrest of suspects

Through meticulous investigative efforts, Ukrainian authorities have identified the leader of the hacker group as a 32-year-old individual, along with four of his most active accomplices. In a synchronized operation, Ukrainian police arrested all five suspects and subsequently conducted searches in 30 properties associated with them. During these searches, authorities seized digital devices, substantial amounts of cash, and even cryptocurrency holdings.

Crypto-Locking Malware Strains Used

The cybercriminals employed a range of sophisticated and potent crypto-locking malware strains to carry out their attacks. Among these were Dharma, Hive, LockerGoga, and MegaCortex. Exploiting vulnerabilities in victims’ systems, these malware strains effectively locked down crucial data, subsequently demanding ransom payments in exchange for decryption keys. The utilization of such malware strains demonstrates the group’s technical sophistication and their capability to cause severe harm to targeted organizations.

“Big Game Hunting” technique

The hacker group engaged in a strategy known as “big game hunting,” primarily targeting larger companies in search of significant ransom payoffs. By focusing on organizations with deep pockets, these cybercriminals sought to maximize their financial gains. Through their attacks, they instilled fear and uncertainty throughout the business community, as companies realized that no organization was immune to the threat of ransomware.

Group’s operation in Kyiv

The hacker group operated out of Kyiv, the capital city of Ukraine. Despite geopolitical developments such as Russia’s war of conquest in Ukraine, the group continued to conduct their criminal activities from the city. This highlights the challenges faced by law enforcement agencies in combating cybercrime across international borders.

Previous arrests and accumulated evidence

The recent arrests build upon evidence gathered in a previous round of detentions that took place in October 2021. During those arrests, Ukrainian authorities detained 12 “high-value targets” who were implicated in cyberattacks orchestrated by the same hacker group. The accumulated evidence from these arrests has significantly contributed to the current investigation, painting a clearer picture of the group’s infrastructure and modus operandi.

Tactics employed by the group

The hacker group used a variety of tactics to infiltrate victims’ networks and execute their ransomware attacks. These tactics included SQL injection attacks, password cracking, and sophisticated phishing campaigns. By exploiting vulnerabilities in the security measures of the target organizations, the cybercriminals gained unauthorized access to critical systems and carried out attacks that had far-reaching consequences.

The arrest of this hacker group marks a significant achievement in the global fight against ransomware attacks and cybercrime. The Ukrainian police’s diligent efforts demonstrate the commitment and determination of law enforcement agencies to tackle sophisticated cybercriminal networks. As investigations continue, it is hoped that the apprehension of these criminals will send a strong message to others involved in ransomware attacks. Nevertheless, the battle against cybercrime remains ongoing, and it is crucial for organizations and governments worldwide to strengthen their cybersecurity protocols and collaborate closely to enhance global resilience against this evolving threat.

Explore more

Can a Unified ERP System Future-Proof Levi Strauss?

Establishing a seamless digital environment for a brand that spans over a hundred nations is a monumental undertaking that requires more than just standard software updates. Currently, Levi Strauss & Co. is navigating a profound transformation of its digital infrastructure, aiming for a mid-2027 completion of a fully integrated global enterprise resource planning system. This strategic overhaul is not merely

Ethereum Faces $10 Billion Liquidation Risk Near $2,000

The current trajectory of Ethereum suggests a massive collision between aggressive retail speculation and sophisticated institutional sell-side pressure as the asset hovers near the $2,000 psychological threshold. This specific price point has historically served as a pivot for broader market sentiment, influencing the behavior of various decentralized finance protocols and secondary layer-two scaling solutions. Currently, the market exhibits a state

ClickLock Malware Coerces macOS Users to Surrender Passwords

Traditional macOS security architectures have long been celebrated for their robust sandboxing and gated execution, yet a new strain of malware is proving that the human element remains the most vulnerable entry point in any digital ecosystem. This threat, known as ClickLock, has emerged as a particularly aggressive evolution in the macOS threat landscape by prioritizing psychological pressure and social

Stalled Windows 11 Migration Poses Growing Security Risks

The global landscape of enterprise computing is currently grappling with a persistent digital divide as a significant segment of users continues to rely on Windows 10 despite the availability of more secure alternatives. The current ecosystem of digital infrastructure remains tethered to legacy architecture, with recent telemetry indicating that approximately one in six workstations worldwide continues to operate on Windows

How Is OpenAI Redefining AI With Precision Engineering?

The shift from experimental conversationalists to precise engineering tools has fundamentally altered the landscape of digital productivity and high-performance computing in 2026. This transition is marked by a move away from the early excitement surrounding generative models toward a rigorous framework centered on deep optimization and granular control. OpenAI has spearheaded this movement with the introduction of the GPT-5.6 Sol