The Ukraine cyber police have arrested a 28-year-old Russian man in Kyiv for working with the Conti and LockBit ransomware operations to make their malware undetectable by antivirus software and for conducting at least one attack himself.
The investigation was backed by information shared by the Dutch police, who responded to a ransomware attack on a Dutch multinational that was followed by data-theft extortion.
The man was arrested on April 18, 2024, as part of 'Operation Endgame', the law enforcement operation that took down numerous botnets and their main operators.
Because the Conti ransomware group used some of these botnets for initial access to breached endpoints, evidence led investigators to the Russian hacker.
The Ukrainian police reported that the arrested individual was a specialist in developing custom crypters for packing the ransomware payloads into what appeared to be safe files, making them FUD (fully undetectable) to evade detection by popular antivirus products.
The police found that the man was selling his crypting services to both the Conti and LockBit cybercrime syndicates, helping them significantly increase their chances of success on breached networks.
The Dutch police confirmed at least one case of the arrested individual orchestrating a ransomware attack in 2021 using a Conti payload, so he also operated as an affiliate for maximum profit.
“As part of the pre-trial investigation, police, together with patrol officers of the special unit “TacTeam” of the TOR DPP battalion, conducted a search in Kyiv,” reads the Ukraine police announcement.
“Additionally, at the international request of law enforcement agencies in the Netherlands, a search was conducted in the Kharkiv region.”
As a result of these searches, computer equipment, mobile phones, and handwritten notes were seized for further examination.
The investigation into the programmer’s activities and exact involvement in the Conti and LockBit attacks is currently underway.
The suspect has already been charged under Part 5 of Article 361 of the Criminal Code of Ukraine (Unauthorized interference in the work of information, electronic communication, information and communication systems, electronic communication networks) and faces up to 15 years imprisonment.