Europol announced this week that it has caught twelve suspects in various criminal groups who were causing havoc throughout the world by conducting ransomware assaults on key infrastructure, following a two-year investigation. 

According to Europol, the individuals are suspected of carrying out assaults on almost 1,800 people in 71 countries. The organisation is notorious for attacking huge corporations and is suspected of being behind an attack on Norsk Hydro, a worldwide aluminium producer located in Norway, in 2019, which prompted the company to halt operations across two continents. Europol seized more than $52,000 in cash and five luxury vehicles from the accused. 

The agency is presently conducting a forensic examination of the group's electronic devices in order to secure evidence and uncover fresh investigation leads. Europol and Eurojust, the European Union's body for criminal justice cooperation, organised the international sting, which comprised officials from eight different nations, including the United States and the United Kingdom. It happened on October 26 in Ukraine and Switzerland, as per Europol. It is unclear if the individuals have been arrested or charged, with Europol just stating that they were "targeted." 

The agency stated. “Most of these suspects are considered high-value targets because they are being investigated in multiple high-profile cases in different jurisdictions.” 

Each of the cybercriminals played a unique function inside the criminal organisations. Some were responsible for breaking into the victims' IT networks, which they accomplished through a variety of methods such as brute force attacks, SQL injections, stolen passwords, and phishing emails with harmful attachments. 

Following that, they would use malware such as Trickbot and other tools to remain undetected and obtain more access, according to Europol. 

“The criminals would then lay undetected in the compromised systems, sometimes for months, probing for more weaknesses in the IT networks before moving on to monetising the infection by deploying ransomware. The effects of the ransomware attacks were devastating as the criminals had had the time to explore the IT networks undetected.” 

The attackers encrypted the victims' files before sending a ransom letter demanding bitcoin payment in return for the decryption keys. If the ransom was paid, it was reported that certain suspects were in charge of laundering the money through mixing services and cashing out. 

Europol did not elaborate on the identities of the victims or why they may have been targeted. Back in the United Kingdom, ransomware attacks have been on the rise, with cybercriminals targeting big IT businesses and destroying infrastructure.