Kyiv police have identified a 28-year-old man suspected of collaborating with major Russian ransomware groups to develop undetectable malware. The individual, hailing from Kharkiv, allegedly worked with Conti and LockBit, providing cryptor technology to conceal ransomware payloads from anti-malware tools. This technology was reportedly deployed to infect the computer networks of a Dutch multinational company in late 2021, leading to ransom demands by the Conti group.
Following a request from Dutch law enforcement, Ukrainian officers conducted searches in Kharkiv and Kyiv, seizing computer equipment, mobile phones, and handwritten notes. While it remains uncertain whether the suspect has been apprehended, Dutch police, in a separate release, indicated that the individual was arrested on April 18 at their request. The investigation, part of Operation Endgame led by Europol, aims to disrupt criminal networks associated with prominent malware families.
The involvement of the 28-year-old with LockBit was not explicitly detailed, although the group was targeted in a significant law enforcement operation earlier in the year. The Dutch police noted that the suspect’s actions extended beyond providing cryptor capabilities, as he allegedly infected the computer networks of a Dutch company with Conti’s malware in 2021, leading to data encryption and ransom demands. This development underscores ongoing efforts by international law enforcement to combat cybercrime and dismantle ransomware operations.