The arrest of Ukrainian cybercriminals: justice finally goes beyond the borders of the net

When it comes to fighting cybercrime, some crooks felt protected when they were operating from faraway locations. They had not counted on the ability of global private groups and international police forces to cross borders. Unity is strength, and some Internet hackers have found this out the hard way.

On September 28, 2021, the French Gendarmerie Nationale, the Ukrainian National Police, the American Federal Bureau of Investigation (FBI), Europol and Interpol worked together to bring about the arrest, in Ukraine, of two perpetrators of cyber attacks who were known to the authorities but had never been troubled before.

The two individuals arrested are familiar with what is known as “ransomware”. This is a cybercrime technique that consists of sending malicious software to a company in order to steal its sensitive data, before encrypting its files and demanding a ransom.

These crooks, armed only with their keyboard, threaten to reveal or destroy the data if the victim company refuses.

Companies’ new criminal risks

According to the Europol press release published on November 17, 2021, the sums demanded by these individuals for each attack were exorbitant: the payment of an amount between 5 and 70 million euros was generally requested from the targeted companies. This was enough to put the companies that were victims of this blackmail in difficulty. Although the press release does not reveal any names, some sources close to the case suggest that it is the “Ragnar Locker” ransomware gang, according to the article in La Lettre A of December 7, 2021.

This practice is part of the new criminal risks emerging in a context of generalized digitalization. The dangers are numerous for companies: financial losses, image risks, data loss, loss of customers, attacks on employees’ personal data, the list being far from exhaustive.

The shipping company CMA CGM is well aware of these risks, as it was one of the victims of the “Ragnar Locker” gang. On September 28, 2020, a year before the gang’s alleged arrest, this French group based in Marseilles issued a statement announcing that it had been the victim of a cyberattack that had affected its peripheral servers. The Group was infiltrated by the malware sent by Ragnar Locker, which paralyzed its activity by encrypting part of its data, thus making it inaccessible. The software demanded a ransom in exchange for the data decryption key. At the time, all the teams of the shipping company were mobilized. The loss or disclosure of this data had to be avoided. Rodolphe Saadé, Chairman and CEO of the CMA CGM Group, but also Michael Perrino, Vice President and head of IT security, Colonel Franck Chaix, former commanding officer of the GIGN (the French Gendarmerie Nationale counter-terrorism unit) and head of the Group’s safety and security department, and Nicolas Sekkaki, Chief Digital Officer, made sure to manage this crisis. However, the paralysis lasted 14 days and resulted in a loss of 50 million dollars for the company, which has billions in sales.

There are several victims of this kind of attack. For example, in July 2021, the Kaseya ransomware attack crippled Sweden’s largest supermarket chain, resulting in the closure of more than 800 stores in the country. And the phenomenon is multiplying: in the last few days, two cases of ransomware have been reported, one at the insurance brokerage group Adelaide, the other at LDLC, a group specializing in the sale of computer equipment. The Adelaide Group issued a statement on December 6, 2021, stating that cybercriminals claim to be in possession of data stolen in a ransomware attack. As for LDLC, the attack took place on November 29, and seems to bear the signature of the same gang, Ragnar Locker.

It is probably the CMA CGM case that brought together law enforcement agencies from so many organizations and countries to arrest cyber criminals in Ukraine. This is a first, and it shows that it is becoming increasingly difficult to hide from cyber cops, even in Ukraine, which has been considered a digital lawless territory until now. Legally, if it is proven that it is indeed the Ragnar gang that has been locked up, the victims will be able to advance the criminal aspect of their cases.

Law enforcement has won a battle with these unprecedented arrests, but not the war.