Ransomware cybercriminals linked to Norsk Hydro attack fall prey to Europol swoop

A ransomware group that’s said to be responsible for thousands of “devastating” attacks against high-profile targets worldwide has been disrupted after a dozen prominent members were “targeted” by law enforcement, Europol has announced.

Police also seized more than $52,000 in cash, five luxury vehicles, and electronic devices as they swooped on locations in Ukraine and Switzerland in the early hours of October 26.

The electronic devices are being forensically examined in the hope of uncovering further evidence and investigative leads, said Europol in a press release.

Norsk Hydro defiance

The EU’s law enforcement body said 12 individuals were targeted in relation to a “professional, highly organized” cybercrime group that favored large corporations and is believed to have directed attacks affecting more than 1,800 victims in 71 countries.

As confirmed by Norwegian police, this includes a ransomware attack that crippled the IT systems of Norwegian industrial giant Norsk Hydro in 2019.

The aluminum and renewable energy provider refused to pay the ransom despite having to operate without computer systems for several weeks.

While the incident cost Norsk Hydro an estimated $70 million in losses, the company was widely praised for refusing to cave in to the hackers’ demands, as well as for its transparency in communicating the attack to its customers and the wider public.

‘High-value targets’

Some of the suspects “interrogated” in the Europol- and Eurojust-led operation are believed to have been involved in the compromise of corporate networks, while others are accused of overseeing the laundering of ransom payments using bitcoin mixing services.

“Most of these suspects are considered high-value targets because they are being investigated in multiple high-profile cases in different jurisdictions,” said Europol.

The ransomware gang breached IT networks via phishing emails, stolen credentials, brute force attacks, and the exploitation of SQL injection vulnerabilities, among other mechanisms, said Europol.

Once inside networks, the attackers moved laterally and deployed malware such as Trickbot or post-exploitation frameworks such as Cobalt Strike or PowerShell Empire.

Europol said the attackers then probed for further weaknesses as they lurked undetected in compromised systems, often for several months.

The group deployed ransomware variants including MegaCortex, Dharma and – as was the case with Norsk Hydro – LockerGoga.

Victims were instructed to pay ransoms in bitcoin in exchange for decryption keys.

The investigation, which began in September 2019, involved law enforcement authorities from France, the Netherlands, Ukraine, the UK, Germany, Switzerland, the US, and Norway.

Source: https://portswigger.net/daily-swig/ransomware-cybercriminals-linked-to-norsk-hydro-attack-fall-prey-to-europol-swoop
