{"id":50626,"date":"2021-10-04T16:36:22","date_gmt":"2021-10-04T13:36:22","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=50626"},"modified":"2025-09-02T19:15:43","modified_gmt":"2025-09-02T16:15:43","slug":"ukraine-identifies-ransomware-operator-crypto-wallets-worth-1-3m-blocked","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/ukraine-identifies-ransomware-operator-crypto-wallets-worth-1-3m-blocked\/","title":{"rendered":"Ukraine identifies ransomware operator; crypto wallets worth $1.3m blocked"},"content":{"rendered":"<p>Ukraine&#8217;s cyberpolice identified the operators behind the spread of the ransomware. The international operation involved Europol, Interpol, French authorities and the U.S. FBI.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">\ud83c\udd95 Arrest in Ukraine of 2 members of a ransomware gang known for their extortionate ransom demands of up to \u20ac70 million. 
<a href=\"https:\/\/twitter.com\/hashtag\/Europol?src=hash&#038;ref_src=twsrc%5Etfw\">#Europol<\/a> &amp; <a href=\"https:\/\/twitter.com\/INTERPOL_HQ?ref_src=twsrc%5Etfw\">@INTERPOL_HQ<\/a> coordinated operation between \ud83c\uddeb\ud83c\uddf7 <a href=\"https:\/\/twitter.com\/Gendarmerie?ref_src=twsrc%5Etfw\">@Gendarmerie<\/a>, \ud83c\uddfa\ud83c\udde6 <a href=\"https:\/\/twitter.com\/CyberpoliceUA?ref_src=twsrc%5Etfw\">@CyberpoliceUA<\/a> &amp; \ud83c\uddfa\ud83c\uddf8 <a href=\"https:\/\/twitter.com\/FBI?ref_src=twsrc%5Etfw\">@FBI<\/a><\/p>\n<p>Full story \ud83d\udc49<a href=\"https:\/\/t.co\/K49HIujwLT\">https:\/\/t.co\/K49HIujwLT<\/a> <a href=\"https:\/\/t.co\/hDuiY9ddB7\">pic.twitter.com\/hDuiY9ddB7<\/a><\/p>\n<p>\u2014 Europol (@Europol) <a href=\"https:\/\/twitter.com\/Europol\/status\/1444950661007921154?ref_src=twsrc%5Etfw\">October 4, 2021<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div>\n<\/figure>\n<p>According to <a href=\"https:\/\/u1f987.com\/en\/news\/ukraine-identifies-clop-ransomware-operators-sources-say-they-are-not-hackers\">the cyberpolice<\/a>, the hacker used the malware to attack more than a hundred companies in the US and the EU and demanded a ransom for data decryption ranging from \u20ac5 to \u20ac70 million. He had an accomplice who helped launder the funds.<\/p>\n<p>The attacker compromised remote-work software and also distributed the virus via phishing campaigns targeting corporate email accounts. The damage exceeded $150 million.<\/p>\n<p>During searches, investigators seized $360,000 in cash (Europol&#8217;s statement cites $375,000), equipment and vehicles. $1.3 million in cryptocurrency was blocked in the hacker&#8217;s wallets.<\/p>\n<p>The Ukrainian cyberpolice reported only one suspect; Europol announced two arrests. 
ForkLog reached out to the cyberpolice for comment, but as of publication had not received a response.<\/p>\n<div class=\"wp-block-text-wrappers-update-2 article_update\"><time class=\"gtb_text-wrappers_update_time\">October 5, 2021 | 14:46<\/time><span class=\"gtb_text-wrappers_update_head\">Update: <\/span><\/p>\n<p>Some cybersecurity experts suggested that the identified perpetrators were linked to the ransomware group REvil.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">That certainly sounds like <a href=\"https:\/\/twitter.com\/hashtag\/REvil?src=hash&#038;ref_src=twsrc%5Etfw\">#REvil<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/ransomware?src=hash&#038;ref_src=twsrc%5Etfw\">#ransomware<\/a>. The <a href=\"https:\/\/twitter.com\/hashtag\/Kaseya?src=hash&#038;ref_src=twsrc%5Etfw\">#Kaseya<\/a> ransom demand was famously $70 Million, and the average person may think REvil started in April 2020, with the famous hack of Grubman Shire Meiselas &#038; Sacks happening about that time.<\/p>\n<p>\u2014 GarWarner (@GarWarner) <a href=\"https:\/\/twitter.com\/GarWarner\/status\/1444996609813659654?ref_src=twsrc%5Etfw\">October 4, 2021<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div>\n<p>Earlier in June, Ukrainian law enforcement <a href=\"https:\/\/u1f987.com\/en\/news\/ukraine-identifies-clop-ransomware-operators-sources-say-they-are-not-hackers\">reported<\/a> the detection of hackers behind the Clop ransomware. 
ForkLog&#8217;s source said that the searches targeted not members of the hacker group but OTC traders through whom the ransomware operators&#8217; bitcoins passed.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ukraine&#8217;s cyberpolice identified the operators behind the ransomware. The international operation involved Europol, Interpol, French authorities and the U.S. FBI.<\/p>\n","protected":false},"author":1,"featured_media":50627,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,1444,16],"class_list":["post-50626","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-law-enforcement","tag-ukraine"],"aioseo_notices":[],"amp_enabled":true,"views":"18","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/50626","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=50626"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/50626\/revisions"}],"predecessor-version":[{"id":50628,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/50626\/revisions\/50628"}],"wp:featuredmedia":[
{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/50627"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=50626"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=50626"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=50626"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}