Interpol Issues Wanted Notices, Helps Dismantle Cybercrime Network

Published: 10 November 2021


Money found during the raid of the suspect's home in Ukraine. (Source: Interpol video)

By Damir Beslija

Interpol has issued two wanted notices for suspects believed to be connected to a global malware crime network that attacked Korean companies and U.S. academic institutions by blocking access to their computer files and networks and demanding ransom to unblock them.

The Interpol Red Notices were issued at the request of South Korea’s cybercrime investigation division and follow the June arrest of six members of a notorious ransomware family in Ukraine and the seizure of their property as well as US$185,000 in cash.

The six suspects were allegedly linked to a Russian-language cybercriminal network called Cl0p, known for naming-and-shaming its victims on a Tor leak site. They are also believed to have acquired $500 million in ransom and, if found guilty, face up to eight years in prison.

The network allegedly targeted the transportation, logistics, education, manufacturing, healthcare and high-tech sectors and threatened to make the companies' sensitive data public if additional payments were not made.

“Despite spiralling global ransomware attacks, this police-private sector coalition saw one of global law enforcement’s first online criminal gang arrests, which sends a powerful message to ransomware criminals, that no matter where they hide in cyberspace, we will pursue them relentlessly,” said Interpol’s Director of Cybercrime, Craig Jones.

Interpol said it conducted this 30-month-long investigation with the help of private partners Trend Micro, CDI, Kaspersky Lab, Palo Alto Networks, Fortinet and Group-IB through its Gateway project.

The project boosts law enforcement and private industry partnerships to generate threat data from multiple sources and enable police authorities to prevent attacks.

Further illustrating the power of private sector cooperation in cybercrime investigations, Interpol mentioned two Korea-based cyber threat companies – S2W LAB and KFSI – which also provided the international police agency with valuable dark web data analysis, the statement said.