French law enforcement agencies are looking in Ukraine for developers who used LockerGoga ransomware to attack more than 1,200 industrial enterprises around the world.
According to the French police, some of the IP addresses are from Ukraine.
LockerGoga is a dangerous ransomware that criminals have used in a number of targeted attacks aimed at large enterprises. In particular, the international software company Altran, the Norwegian aluminum producer Norsk Hydro, as well as the American chemical companies Hexion and Momentive, suffered from the malware, and the latter was forced to purchase new computers to replace infected PCs.
“The basis for entering information into the Unified Register of Pre-trial Investigations is a report to the Prosecutor General of Ukraine from the competent authorities of the French Republic on cyberattacks during November 2018 – June 2019 against more than 1,200 sites in different countries using the ransomware ‘LOCKER GOGA’. The ALTRAN company was subjected to a cyberattack in the form of the ransomware malware, as these companies were blocked and attackers demanded payment of a ransom of 500 bitcoins (approximately 1.5 million euros) in exchange for an encryption key,” the case file says.
Using the e-mail and IP address information provided, the staff of the Department of Cyber Police of the National Police of Ukraine identified four suspects. According to the investigation, one of them is presumably the developer and distributor of the malware “uAdmin”.
The investigation is ongoing, and law enforcement officials have requested permission from the court to access telecommunications data that may have been used by the attackers.
“The investigating judge, after examining the petition and the documents attached to it, concluded that there were grounds for granting temporary access to the information held by the mobile operators, since the said measure of securing criminal proceedings is really aimed at obtaining evidence and verifying evidence already obtained in criminal proceedings,” the court materials of the Ukrainian side say.
However, according to experts, the chances that the hackers used real mailboxes during the attack, let alone ones on Ukrainian servers, are slim.
Industrial enterprises are not the only ones threatened by cybercriminals. As was recently reported, an attacker can use a special message to disable the application for all members of a WhatsApp group chat.