The operatives of the Cyber Police Department and investigators from the Main Investigative Department of the National Police, under the procedural guidance of the Office of the Prosecutor General, conducted a multi-level special operation to neutralize an organized criminal group.

The Joint Investigation Team (JIT), including colleagues from Europol (the EU's law enforcement agency for combating international organized crime) and Eurojust (the agency coordinating judicial bodies of the EU), also participated in the combined investigative group.

"Criminals targeted the most powerful global companies in France, Norway, Germany, the Netherlands, Canada, and the USA, starting from 2018. As a result of months of meticulous work, Ukrainian law enforcement, with the support of colleagues from the USA, Norway, the Netherlands, Germany, and France, identified the 32-year-old leader of the hacking group and his four most active associates," noted Yuriy Vyhodets, the head of the Cyber Police Department.

For their hacking attacks, the perpetrators utilized self-developed malicious software, particularly several encrypting viruses.

Primarily, the criminals compromised the accounts of employees of the targeted enterprise, using information from open sources and social engineering methods. By disseminating malicious code through hijacked accounts within the corporate ecosystem, hackers gained access to servers and extracted information.

Subsequently, the data on the victims' computers was encrypted, rendering it unusable. For the decryption of the information, members of the international hacking group demanded multimillion-dollar payments in cryptocurrency.

For instance, to restore the operation of servers for one of the leading chemical companies in the Netherlands, the criminals demanded a transfer of 450 BTC (bitcoins) to their controlled cryptocurrency wallet, equivalent to 48 million Ukrainian hryvnias.

The men developed and updated malicious software, conducted hacking attacks, sought so-called drops with cryptocurrency wallets for ransom, and distributed the earnings among other members of the group.

Over the course of several years of criminal activity, it was determined that the criminals encrypted over 1,000 servers of global companies, causing damages totaling over 3 billion hryvnias in the national currency.

To neutralize the criminal group and analyze digital data, over 20 law enforcement officers from Norway, France, Germany, and the United States Federal Bureau of Investigation arrived in the capital. In the Netherlands, Europol established a special working group and a Virtual Command Post for urgent analysis of information obtained during investigative actions in Ukraine.

With the support of the TOR special unit, law enforcement officers conducted over 30 authorized searches in the premises and vehicles of the suspects in the Kyiv region, as well as in the Cherkasy, Rivne, and Vinnytsia regions.

Seized items include computer equipment, vehicles, bank and SIM cards, draft records, as well as dozens of electronic storage devices and other evidence of unlawful activities. This includes nearly 4 million hryvnias and cryptocurrency assets. The issue of arresting the seized property is under consideration.