Europol describes the hackers as high-value targets involved in various investigations.
The gang received payments in BTC during its various attacks.
The European Union Agency for Police Cooperation (Europol) arrested twelve people in Ukraine and Switzerland suspected of being part of a global network of cybercriminals responsible for 1,800 ransomware, or data hijacking, attacks in 71 countries. The group demanded bitcoin (BTC) as payment for its ransoms, which helped the police map the transfers as part of their intelligence work.
In a note posted on its web portal, Europol lists the captured suspects as “high-value targets”, given that they have participated in multiple high-profile cases in different jurisdictions. Some of them compromised facilities, data centers or government website servers and then monetized the infection by deploying ransomware.
Ransomware is malware that blocks access to files on infected computers. The owners are then instructed to pay a certain sum of money, sometimes specifically in bitcoin, as a ransom to regain access to their files.
The ransomware variants used by the captured suspects are LockerGoga, MegaCortex and Dharma, which are among the more than 25 types that have kept investigators on their toes in recent years.
The police used the ransom payments in bitcoin to discover the associations between different groups of ransomware. Source: Pexels.
As part of the investigation, the European Union police organization had the support of eight countries. In addition to the arrests made during the raids, more than $52,000 in cash was found. Several luxury vehicles and watches were seized, as well as laptops and phones that the criminals apparently used to carry out their data hijackings and demand ransoms, as detailed in the report.
Bitcoin helps the police
In their reports, the police do not mention the names of the alleged criminals arrested, nor do they indicate the specific cases in which they participated. However, they add their suspicion that several of the people questioned used bitcoin mixing services to obfuscate the trail of the ransoms they received.
As described in the CryptoNoticias glossary of terms, bitcoin mixers or mixing services are protocols that divide the amounts to be sent by users into small amounts that go through different addresses before being unified again at the final destination. This operation is carried out with the aim of making it difficult to trace capital.
After a ransomware attack, the victim received a message demanding payment in bitcoin in exchange for returning access to the hijacked files or operating system. Some of the suspects possibly laundered the loot by funneling bitcoin payments through mixing services before withdrawing the criminally obtained funds. The stolen money was often invested in purchasing resources for the next ransomware attack.
Report by the Dutch police, which also participated in the operation.
Among the intelligence work carried out by the police was the mapping of bitcoin payments received by the cybercriminals to detect their location. In this way, they would have discovered the identity of the 12 suspects, including one who participated in the ransomware attack on several companies in the port of Rotterdam, an event that occurred in 2019.
Although all transactions on the Bitcoin network are public and no name or address is linked to them, various companies and governments can use analytics software to track and link the identities of individuals involved in suspicious activity.
It is not the first time that the police have tracked bitcoin transactions to detect criminals. As reported by ., in 2019 it happened in Costa Rica, where the Judicial Investigation Agency dismantled a gang of kidnappers, after tracking the transactions of a BTC wallet in which payment was received for the release of the American businessman William Sean Creighton Kopko.