Law enforcement agencies in seven countries teamed up with Europol and Eurojust to dismantle a major Ukraine-based ransomware operation.

According to Europol, 30 properties were searched on November 21 in four regions of Ukraine, resulting in the arrest of a 32-year-old who is allegedly the operation’s ringleader, as well as four key accomplices. 

This law enforcement activity is part of an operation that resulted in the arrests of a dozen individuals back in 2021. 

The cybercrime operation targeted thousands of entities across 71 countries. Europol said the malicious hackers disrupted the operations of large corporations, deploying MegaCortex, Hive, LockerGoga and Dharma ransomware in their attacks.

Some of the suspects were involved in hacking into the networks of the targeted organizations, while others are accused of laundering the ransom payments made by victims. 

The use of multiple file-encrypting ransomware families and the roles of the suspects suggest that they were ransomware-as-a-service affiliates.

The cybercriminals used SQL injections, phishing emails, and brute force attacks to gain access to networks. They then deployed malware such as TrickBot and tools such as Cobalt Strike and PowerShell Empire to gain access to other systems. 

Authorities said more than 250 servers belonging to major organizations were encrypted, which resulted in losses totaling hundreds of millions of dollars. 

Related: Two ‘Prolific’ Ransomware Operators Arrested in Ukraine

Related: Russian National Arrested in Canada Over LockBit Ransomware Attacks

Related: Ransomware Group That Targeted Over 50 Companies Dismantled in Ukraine