Ukrainian cyber police and investigators from the National Police have arrested a 33-year-old member of an unnamed ransomware group that had orchestrated large-scale cyberattacks targeting leading industrial enterprises in France, Norway, Germany, the Netherlands, Canada, and the United States.
Using custom-developed malware, including ransomware such as LockerGoga, MegaCortex, HIVE and Dharma, the hackers encrypted data on victim company networks, rendering it inaccessible.
The attackers demanded multimillion-dollar ransom payments in cryptocurrency, funneled into wallets controlled by intermediaries. The financial damage caused by the group’s activities is estimated to exceed 3 billion UAH (~$72 million).
The group was neutralized in November 2023 as part of a joint law enforcement operation involving police agencies from the US, France, Norway, the Netherlands, Germany, as well as Europol and Eurojust
Authorities conducted more than 80 court-authorized searches across Ukraine, seizing over 24 million UAH in crypto-assets, nine luxury vehicles, and 24 land plots totaling nearly 12 hectares. All assets have been frozen by court order to secure compensation for damages.
As a result of the investigation, authorities identified a member of the group, a foreign national residing in Kyiv, who specialized in identifying vulnerabilities in the corporate networks of targeted enterprises. His findings were later used by accomplices to plan and execute the cyberattacks.
The US FBI placed the individual on an international wanted list and charged him in absentia with multiple violations of US federal law. Acting on a request from the Office of the Prosecutor General, Ukrainian law enforcement arrested the suspect.
On the basis of a ruling by the Solomyansky District Court of Kyiv, the suspect was placed under extradition arrest. Following the completion of extradition procedures, the man was officially handed over to US authorities on June 18, 2025.
