Ukrainian authorities have detained a 28-year-old from Kyiv for extorting a Dutch company with Conti ransomware. The hacker’s identity was revealed thanks to a recent multinational anti-botnet effort.
The Ukrainian police arrested the suspect after the Dutch National Cyber Security Center alerted the authorities about the perpetrator, the National Police Force of the Netherlands (Politie) announced.
The attacker allegedly utilized Conti ransomware to infect an unnamed Dutch multinational company. The suspect encrypted the organization’s data and demanded a ransom payment for a decryptor key, threatening to leak the stolen details if the company refused.
Until early 2022, Conti was among the most prolific ransomware cartels, hitting at least 640 organizations in 2021. However, the gang faltered after its affiliates disagreed with the gang’s leadership, which declared allegiance to Vladimir Putin amidst Russia’s invasion of Ukraine.
According to Dutch authorities, the suspected Conti affiliate carried out the attack in 2021, during the height of Conti’s reign. Justice came knocking three years later – on April 18th, 2024, the Ukrainian police raided locations in Kyiv and Kharkiv, seizing computer equipment, mobile phones, and documents for further investigation.
“The Dutch investigative services are very pleased with the arrest in Ukraine and are grateful that the Ukrainian police found time for this in times of war,” the Politie said.
The arrest was made possible by Operation Endgame, the largest anti-botnet effort. In late May, Europol, together with international partners, targeted and disrupted so-called malware droppers, malicious software designed to install malware, such as ransomware, onto a target system.
Meanwhile, the now-defunct Conti heavily relied on botnets busted in the operation to gain access to target systems. The authorities did not reveal how Operation Endgame led them to the Conti’s affiliates in Ukraine.
Your email address will not be published. Required fields are markedmarked