Two hackers arrested in Alicante who belong to a cybercriminal organisation

The Guardia Civil has apprehended two cybercriminals in Torrevieja in Alicante who are members of the Ragnar Locker group, an organization known for extorting victims through ‘data kidnapping’. This marks a significant international operation involving eleven countries, delivering a severe blow to the group responsible for numerous attacks on critical infrastructure worldwide.

In addition to the two arrested on the Costa Blanca, a third arrest was made in Latvia. The infrastructure supporting the "ransomware" has been dismantled in the Netherlands, Germany, and Sweden. Furthermore, the associated data leak website on the Tor network has been shut down in Sweden. The alleged creator of this notorious ransomware program has been located in the Czech Republic, with multiple raids taking place in Ukraine.

The investigation was led by the French Gendarmerie Nationale, in collaboration with law enforcement agencies from the Czech Republic, Germany, Italy, Japan, Latvia, the Netherlands, Spain, Sweden, Ukraine, and the United States.

During the raids, in addition to seizing various computer equipment, the Guardia Civil managed to confiscate three different types of cryptocurrencies: Bitcoin (BTC), Litecoin (LTC), and Binance Coin (BNB).

Ransom and Extortion.
Ransomware is a type of malware that encrypts sensitive data stored on a company's servers, demanding a ransom payment, typically in cryptocurrency, in exchange for the decryption key to recover the information. This criminal group, operating with a well-known ransomware, is accused of targeting major critical infrastructure, including the Air Portugal airline and a hospital in Israel.

Their modus operandi was characterised by a dual extortion tactic, demanding exorbitant payments for decryption tools and to refrain from disseminating the stolen confidential data obtained during the cyberattacks. They explicitly warned victims that there would be consequences if they reported the incident to the police, threatening to publish the stolen data.

Back in October 2021, investigators from the French Gendarmerie Nationale and the FBI in the United States, along with specialists from Europol and Interpol, travelled to Ukraine for a joint investigation with the Ukrainian National Police, resulting in the arrest of two key members of the criminal group.