SOCRadar® Cyber Intelligence Inc. | How does Global Law Enforcement deal With the Ransomware Crisis?


Dec 10, 2021

Ransomware attacks have been increasing in recent years. In October 2021, more than thirty countries came together at a summit on how to take coordinated action against them. This article compiles the legal tools and the recent law enforcement operations used to deal with ransomware.

Under U.S. federal law, ransomware attacks can be combated in several ways. First, ransomware attackers can be prosecuted under federal criminal statutes such as the Computer Fraud and Abuse Act (CFAA).

In addition, other criminal laws, such as the aiding-and-abetting and conspiracy statutes, can be used to prosecute people who help develop ransomware that is then used by others.

In rare situations, victims who pay ransoms may themselves face criminal or civil penalties, for example when a ransom payment is made knowingly to an entity that has been designated as a foreign terrorist organization or is subject to Treasury Department (OFAC) sanctions.

Why are Governments Interfering with Ransomware Groups?

Federal cybersecurity regulations are critical both for preventing and for responding to ransomware attacks. Cyber readiness laws require federal agencies to safeguard their networks, and the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) are authorized to set federal network security requirements.

Other cyber-preparedness laws authorize federal agencies to help private companies in the critical infrastructure sectors secure their networks. Furthermore, many data protection regulations oblige covered organizations to protect client or consumer information.

In the event of a ransomware attack or other cyber incident, federal law requires CISA and other federal agencies to coordinate to minimize disruption to federal networks, and authorizes them to assist private firms with incident response and damage mitigation.

What is the U.S. Way of Dealing with Ransomware?

The U.S. Department of Justice’s Ransomware and Digital Extortion Task Force, which includes the Criminal Division, works with the U.S. Attorneys’ Offices to prioritize the disruption, investigation, and prosecution of ransomware and digital extortion attacks by tracking and identifying the cybercriminals responsible.

Through the task force, the department also strategically monitors the ransomware criminal ecosystem as a whole and collaborates with domestic and foreign government agencies and private sector partners. Cross-border coordination and joint operations between law enforcement agencies are also crucial for generating threat data and enabling police authorities to prevent attacks.

For instance, the operation against Sodinokibi/REvil ransomware operators was carried out by 19 law enforcement agencies in 17 countries.

Europol: “Seven REvil/GandCrab ransomware affiliates were arrested in 2021.”

Recent Operations Round-Up

Over 1,000 Cybercriminals from 20 Countries Apprehended by Interpol, $27 Million Seized

On November 28, 2021, Interpol, the international criminal police organization, announced that a four-month operation it had coordinated resulted in the arrest of over 1,000 cybercriminals and the interception of $27 million in illicit proceeds.

The “HAECHI-II” crackdown allowed law enforcement agencies from 20 countries, as well as Hong Kong and Macao, to close 1,660 cases and block 2,350 bank accounts holding illicit funds obtained through a variety of online financial crimes, including romance scams, investment fraud, and money laundering linked to illegal online gambling.

The Department of Justice Has Seized $6.1 Million in Connection with Alleged Ransomware Extortionists

According to an indictment unsealed on November 8, 2021, Yaroslav Vasinskyi, a 22-year-old Ukrainian national, is charged with conducting Sodinokibi/REvil ransomware attacks against multiple victims, including the July 2021 attack on Kaseya, a multinational information technology software company.

The department also announced the same day the seizure of $6.1 million in funds traceable to alleged ransom payments received by Yevgeniy Polyanin, a 28-year-old Russian national accused of launching Sodinokibi/REvil ransomware attacks against victims in Texas on or about August 16, 2019.

Europol Has Detained Suspects in The Ransomware Assaults LockerGoga, MegaCortex, And Dharma

In the last week of October 2021, Europol announced that 12 suspects had been detained who are believed to have been part of a professional criminal cell behind a long string of ransomware attacks against large companies, affecting over 1,800 victims in 71 countries since 2019.

The suspects were apprehended on Tuesday, October 26, in Ukraine and Switzerland. The group frequently used malware such as TrickBot and post-exploitation frameworks such as Cobalt Strike and PowerShell Empire to evade detection and expand its access inside victim networks. It appears to have operated as an affiliate of several Ransomware-as-a-Service (RaaS) platforms, deploying ransomware families such as LockerGoga, MegaCortex, and Dharma.

The Servers of the Gang Behind the Health Service Executive (HSE) Cyberattack Have Been Seized by the Garda

In the first week of October 2021, the head of the Garda National Cyber Crime Bureau said that Garda technical experts had taken part in a significant operation involving the seizure of servers used by the cyber gang behind the hugely damaging and disruptive attack on Ireland’s HSE the previous May.

The attack is thought to have been carried out by the Russia-based Conti ransomware group. The group is also believed to have demanded a $20 million ransom to unlock the encrypted material and return the stolen data, which would have allowed the HSE to restore its systems sooner. According to Det. Chief Supt. Paul Cleary, the Bureau initiated a disruption and take-down operation within two weeks, seizing the attackers’ technical infrastructure.

Police Seized $1.3 Million in Cryptocurrency from a ‘Prolific’ Ransomware Gang That Targeted U.S. Energy Firms

On September 28, 2021, a police raid in Ukraine targeting a known ransomware group resulted in the arrest of two people and the seizure of $1.3 million in cryptocurrency. The raid targeted a sophisticated hacker organization responsible for tens of millions of dollars in cybercrime, involved several foreign law enforcement agencies, and included searches of seven properties.

In addition to the cryptocurrency, the raid uncovered $375,000 in cash and two luxury vehicles worth over $250,000. During the investigation, Europol’s Joint Cybercrime Action Taskforce (J-CAT) coordinated with law enforcement officers from France and Ukraine, Interpol, and the FBI’s Atlanta field office in the United States.
