This week, French authorities apprehended a suspect under suspicion of laundering more than €19 million ($21.4 million) in ransomware extortion payouts.
Law enforcement agencies have not revealed the accused's name, which has only been recognized as a person from the Vaucluse area in southeast France, and neither the title of the ransomware organization with which he worked.
The detention this week follows as law enforcement agencies throughout the world have started to collaborate and crackdown on ransomware activities following years of recurrent attacks, most of which have disrupted government agencies and private sector organizations on many occasions.
This year has seen several crackdowns targeting ransomware gangs, including:
- February – The arrest of Egregor/Maze members in Ukraine.
According to French radio station France Inter, participants of the Egregor ransomware cartel were apprehended in Ukraine. The existence of a law enforcement activity was already verified by sources in the threat intelligence community. The Egregor gang, reportedly began operations in September 2020, follows a Ransomware-as-a-Service (RaaS) strategy. They rent ransomware strain access, but they depend on some other cybercrime gangs to organize attacks into corporate networks and distribute the file-encrypting ransomware.
- March – The arrest of a GandCrab affiliate in South Korea.
The arrest of a 20-year-old accused on allegations of spreading and infecting victims with the GandCrab ransomware was announced by South Korean national police. The accused, whose identity has not been revealed, was a client of the GandCrab Ransomware-as-a-Service (RaaS) cybercrime organization. Police described the suspect as an associate — or a distributor — who operated by obtaining copies of the GandCrab ransomware and spreading them via email to victims around South Korea.
- June – The arrest of a group of Ukrainian money launderers who worked with the Clop gang.
Representatives of the Clop ransomware gang, who were apprehended in Ukraine as part of an international law enforcement operation, also provided money-laundering facilities to other cybercrime organizations. The group was involved in both cyber-attacks and "a high-risk exchanger" that laundered funds for the Clop ransomware gang and other criminal groups, according to cryptocurrency exchange portal Binance.
- September – Sanctions against Suex, a Russian crypto-exchange used to process ransomware
Suex, a cryptocurrency exchange incorporated in the Czech Republic but managed by Russia, was sanctioned by the US Treasury. According to a blockchain analysis company, Suex has assisted ransomware and other cybercrime organizations in laundering more than $160 million in stolen assets. Suex has aided in the processing of ransom payments to gangs like Conti, Ryuk, and Maze.
- October – The arrest of 12 suspects behind the LockerGoga ransomware.
According to Europol, twelve members of a ransomware cell were apprehended in Ukraine and Switzerland. The accused are suspected of orchestrating the ransomware attack that damaged Norsk Hydro in 2019, the organization was linked to 1,800 ransomware assaults in 71 countries.
- November – The arrest of a REvil affiliate in Ukraine for the Kaseya attack.
The US Department of Justice charged a 22-year-old Ukrainian national with coordinating the ransomware assaults against Kaseya servers on July 4th of this year.
- December – The arrest of a Canadian citizen for the attack against an Alaskan healthcare provider.
Since 2018, Canadian authorities had jailed an Ottawa resident on suspicion of organizing ransomware attacks on commercial companies and government agencies in Canada and the United States.
