
Cyberpolice tracked down Ukrainian ransomware hacker who committed crimes in Germany

File_closed07

As reported, an unknown person planted the Rapid (VI) Trojan program in the IT systems of four German companies, and encrypted all important documents and data with it. Having contacted employees of these companies by e-mail, he offered to restore the data.

He asked to pay for the restoration in bitcoins, in the equivalent of 2 thousand US dollars (if the money is transferred within 2 days). If there are delays in the transfer of money, the cost of decryption will automatically rise to 5 thousand dollars.

To confirm that he is able to keep his promise, the hacker sent in several decrypted files.

Most of the law-abiding Germans did not negotiate with the extortionist and turned to the competent authorities. Only an employee of a private design bureau tried to fulfill the requirements of the extortionist and sent him 0.25 BTC ($2002.00). Despite this, the hacker never fulfilled his promise.

After analyzing all the facts and data, the German police came to the conclusion that although the email addresses from which they wrote to the companies were different, all these cases have a similar handwriting: the same message text and the same version of the Trojan program, despite the fact that at the time of the incident there were already more recent versions. Consequently, the Germans came to the conclusion that in all episodes the same person or group of people appears.

Using telecommunication tracking methods, law enforcement officers found out the IP addresses from which the attacker accessed the mail server and correspondence. Most of them were traced back to typical TOR and VPN anonymization servers, where the traces were cut off and the investigation was not able to move in this direction.

However, some of the connections were made from Ukrainian IP addresses. At first, these cases were isolated, but later they became more frequent. Investigators concluded that these addresses were not encrypted as a result of an anonymizer failure and are the attacker's real IP addresses.

As a result, on the basis of Art. 29 of the Convention on Cybercrime, the German Federal Criminal Police Department requested the so-called "pre-storage" of all the credentials of a number of Ukrainian Internet providers.

Based on this request, the Svyatoshinsky Court of Kiev ruled to provide access to the data of these Internet providers, since they are essential in determining who was the user of the suspected IP addresses during the required period of time.

If, before September 5, 2020, the providers do not voluntarily provide the data of interest to the investigation, the court gave the police the right to temporarily seize the companies' servers and documents.
