A complex global investigation into a ransomware network has resulted in multiple arrests, say Calgary police which took on a significant role.
They, along with RCMP, are now are offering warnings for possible future victims.
Europol announced Monday the arrest of five people believed to be connected to Operation GoldDust. The investigation into several high-profile ransomware “families” has been led by the European Union Agency for Law Enforcement Co-operation.
Those arrested are suspected in 7,000 ransomware infections worldwide. Canadian investigators estimate 600 infections occurred in Canada, Calgary police said in a news release.
Ransomware — which involves malicious software that accesses and prevents the use of critical computer files followed by a demand for payment to restore those files — is considered a huge global problem requiring complex investigations and co-operation across many police agencies.
The Canadian component of Operation GoldDust launched in January of last year. Headed by multiple RCMP units and the Calgary Police Service (CPS), it targeted a syndicate known as REvil — also called the Sodinokibi family.
REvil allegedly provided the malicious software, or malware, to other groups who used it “to encrypt or steal a victim’s data and extort them for money in exchange for returning the data,” police said.
Canadian intelligence led to the discovery of related computer infrastructure in Europe, Asia and Canada. Prosecutions will be handled by some European countries and the United States.
“Though these arrests happened thousands of kilometres away, the crimes these suspects committed had a very real impact on citizens in Calgary and across Canada,” said Insp. Phil Hoetger of CPS’s technical investigation section.
RCMP say it’s important to come forward after an attack.
“People and organizations can help, too, by learning how to protect yourself and reporting it to local police. There is no shame in falling victim. Police are here to help and your reports can assist in taking down criminals, their networks and their assets,” said Chris Lynam of the RCMP national cybercrime co-ordination unit (NC3).
Police are urging possible victims to report to local law enforcement, as well as the Canadian Anti-Fraud Centre, either online or by phone (1-888-495-8501).
Police also caution against paying ransoms because there’s no guarantee that data will be restored and the payment of funds will “support criminal activity, encourage perpetrators to target more victims, and offer an incentive for others to get involved in this illegal activity.”
View original article here Source