1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites

Europol identifies 12 members of global cybercrime gang

October 29, 2021

A dozen suspects were targeted in Ukraine and Switzerland after carrying out "aggressive" attacks against critical infrastructure. More than 1,800 people in 71 countries were affected by their actions.

Symbol picture of cybercrime
The operation included raids in Ukraine and Switzerland this weekImage: Frank Rumpenhorst/dpa/picture alliance

Europol on Friday identified 12 suspects that the agency has reason to believe are key members of a group of globally operating cybercriminals.

What did Europol say?

The EU's police agency said the 12 individuals had been targeted in raids across Ukraine and Switzerland this week. The raids took place after a two-year investigation.

The suspects are accused of "wreaking havoc across the world with ransomware attacks against critical infrastructure," according to a statement on Europol's website.

"These attacks are believed to have affected over 1,800 victims in 71 countries," the crime agency said. "These cyber actors are known for specifically targeting large corporations, effectively bringing their businesses to a standstill."

"Most of these suspects are considered high-value targets because they are being investigated in multiple high-profile cases in different jurisdictions," Europol added. "A number of electronic devices are currently being forensically examined to secure evidence and identify new investigative leads." 

How much are hackers making?

The accused are believed to have been involved in "devastating attacks" targeting major companies and critical infrastructure, according to Europol and Eurojust, the European judicial authority.

Ransoms demanded

The suspects have not yet been arrested, but are said to have had different roles within the criminal outfit, with some accessing information technology networks, while others installed malicious software.

The 12 suspects were said to have spent several months searching systems for further vulnerabilities before they blocked systems and demanded ransoms.

jsi/wd (dpa, AFP)