12 June 2024

Developer who worked for LockBit and Conti ransomware gangs arrested in Ukraine


Ukraine’s police have arrested a Kyiv resident who allegedly developed software for the notorious LockBit and Conti ransomware operations.

In an operation led by the Office of the Prosecutor General, cyber police operatives and investigators from the Main Investigative Department of the National Police identified a 28-year-old native of Kharkiv region. This individual had been collaborating with the Russian hacker group for a reward paid in cryptocurrencies, the police said.

According to the press release, the suspect developed so-called “cryptors” - specialized software designed to disguise computer viruses as safe files, hiding them from the most popular antivirus programs. These cryptors were used in the Conti ransomware attacks targeting computer networks of enterprises in the Netherlands and Belgium.

Through their investigation, cyber police linked the suspect to the Russian hacker groups “LockBit” and “Conti,” both known for disabling industrial enterprises by encrypting computer networks to extort ransoms.

The LockBit ransomware operation was disrupted in February 2024 as a result of a global police effort codenamed ‘Operation Cronos,’ involving law enforcement authorities from 11 countries. In May, US, UK and Australian authorities and Europol doxxed the administrator of the notorious LockBit ransomware operation, identified as Dmitry Yuryevich Khoroshev (aka ‘LockBitSupp’ and ‘putincrab’).

As for Conti, the ransomware group shut down operations in 2022 following the exposure of its internal chats and ransomware encryptor source code.

During the raids in Kyiv and the Kharkiv region, the police seized computer equipment, mobile phones, and handwritten notes.

The investigation is ongoing, and the issue of charging the suspect under Part 5 of Article 361 (Unauthorized Interference with the Operation of Information (Automated), Electronic Communication, Information and Communication Systems, Electronic Communication Networks) of the Criminal Code of Ukraine is being considered. The sanction under this article provides for up to 15 years of imprisonment. Additional legal qualifications may also be applied.

