Las fuerzas del orden francesas están buscando en Ucrania desarrolladores que utilizaron el ransomware LockerGoga para atacar a más de 1,200 empresas industriales en todo el mundo.
Según la policía francesa, algunas direcciones IP son de Ucrania.
casillerogoga es un ransomware peligroso que los delincuentes han utilizado en una serie de ataques dirigidos a grandes empresas. En particular, la empresa internacional de software Altran, el productor noruego de aluminio Norsk Hydro, así como las empresas químicas estadounidenses Hexion y Momentive, sufrió el malware, y este último se vio obligado a comprar nuevas computadoras para reemplazar las PC infectadas.
“The basis for entering information into the Unified Register of Pre-trial Investigations is a report to the Prosecutor General of Ukraine of the competent authorities of the French Republic on cyberattacks during November 2018 – Junio 2019 to more than 1,200 sites in different countries using the ransomware “LOCKER GOGA”. The ALTRAN company was subjected to a cyberattack in the form of the ransomware malware, as these companies were blocked and attackers demanded to pay a ransom of 500 bitcoins (aproximadamente 1.5 million euros) in exchange for an encryption key”, — the case file says.
Using the information provided by e-mail and IP addresses, the staff of the Department of Cyber Police of the National Police of Ukraine identified four suspects. Según la investigación, one of them, presumably, is the developer and distributor of the malware “uAdmin".
Currently the investigation is ongoing and law enforcement officials requested permission from the court to access telecommunications data that could be used by attackers.
“The investigating judge, after examining the petition and the documents attached to it, concluded that there were grounds for granting temporary access to the information held by the mobile operators, since the said measure of securing criminal proceedings is really aimed at obtaining evidence and verifying evidence already obtained in criminal proceedings», – dicho in the court materials of the Ukrainian side.
Sin embargo, según los expertos, the chances that hackers used real mailboxes during the attack, and moreover on Ukrainian servers, are scanty.
Sin embargo, not only industrial enterprises are threatened by cybercriminals. As was recently reported, using a special message, an attacker can disable the applications of all members of a group chat in Whatsapp.