CALGARY – TECH – Ransomware is a growing cybercrime globally. Operation GoldDust has seen the arrest of five persons in an international operation combatting ransomware.
“Though these arrests happened thousands of kilometers away, the crimes these suspects committed had a very real impact on citizens in Calgary, and across Canada,” says Insp. Phil Hoetger of CPS Technical Investigations Section. “This Operation demonstrates the necessity for law enforcement to work together, share information and pool resources in today’s digital era.”
“No organization can fight cybercrime alone. The NC3 was created to help bring law enforcement, and the public and private sectors together to collaborate in combatting cybercrime. People and organizations can help too by learning how to protect yourself and reporting it to local police. There is no shame in falling victim. Police are here to help and your reports can assist in taking down criminals, their networks and their assets,” says Chris Lynam, the Director General of the NC3 and Canadian Anti-Fraud Centre.
Europol has announced the arrest of five individuals believed to be connected to Operation GoldDust, a Europol-led and internationally-supported investigation into several high-profile ransomware “families”. The individuals arrested are suspected of being responsible for 7,000 ransomware infections worldwide. Canadian investigators estimate approximately 600 infections occurred in Canada.
Ransomware attacks continue to be one of the largest cyber-security threats to individuals and businesses around the globe. Because of the nature of these cybercrimes, investigations into these attacks are often complex and involve offenders, digital evidence and computer infrastructure that are located in multiple jurisdictions.
Since January 2020, the RCMP National Cybercrime Coordination Unit (NC3), Royal Canadian Mounted Police Technical Operations and Calgary Police Service (CPS) Cybercrime Team led the Canadian investigation in Europol’s Operation GoldDust, which targeted the REvil (also known as Sodinokibi) ransomware family.
REvil/Sodinokibi is alleged to have been a ransomware-as-a-service (RaaS) operation, which provided malware to affiliates in exchange for payment. The affiliates would then carry out targeted and indiscriminate attacks to encrypt or steal a victim’s data and extort them for money in exchange for returning the data.
As a result of the Canadian investigation, CPS and the NC3 identified additional computer infrastructure and ransomware suspects in several countries in Europe and Asia, as well as infrastructure located in Canada. The prosecution of the individuals arrested is being led by several European countries and the United States.
Policing efforts in the cyber realm are facing unprecedented challenges. However, as cyber criminals evolve, so do law enforcement and partners. Operation GoldDust is another excellent example of the importance of national and international partnerships and collaboration. In this case, Europol and the Joint Cybercrime Action Taskforce (J-CAT) were instrumental in sharing intelligence and coordinating enforcement actions.