Europol adds Ukrainian national to Most Wanted list for major ransomware attacks all around the world
Europol has included a “high-value cybercrime suspect” on the EU’s Most Wanted list. It concerns a Ukrainian national who is believed to be a leading figure in an organized crime network and is responsible for carrying out numerous cyberattacks.
According to Europol, the fugitive is responsible for the 2019 ransomware attack against a major Norwegian aluminium company, as well as a series of other cyberattacks worldwide.
The suspect, a 28-year-old man from Ukraine called Volodymyr Viktorovych, is wanted by several countries for participation in a criminal organization and is considered a top priority target for international law enforcement agencies.
From 2018 to 2020, Viktorovych and his accomplices were involved in the development and deployment of LockerGoga ransomware, as well as MegaCortex and Nefilim ransomware variants, on the devices of more than 250 companies in the United States alone. The ransomware operation caused more than $18 billion in damage worldwide.
“Volodymyr is a serial ransomware criminal who targeted blue-chip American companies, health care institutions, and large foreign industrial firms, and threatened to leak their sensitive data online if they refused to pay. Today’s charges reflect international coordination to unmask and charge a dangerous and pervasive ransomware actor who can no longer remain anonymous,” U.S. Attorney Joseph Nocella Jr. for the Eastern District of New York says in a statement.
That’s why authorities from the United States have offered a reward of up to $10 million for information leading to the identification or whereabouts of the suspect.
Numerous countries are involved in this case, including investigators from France, Germany, Norway, Switzerland, Ukraine, the United Kingdom, and the United States, together with Europol and Eurojust.
As part of the investigation, several members of the criminal network have already been arrested in Ukraine. The group’s structure was also mapped, leading to the identification of several other members. This involved a diverse group of individuals, ranging from malware developers to people involved in laundering the proceeds of the attack campaign.