International ransomware investigation has Calgary police sounding alarm

Police are urging possible ransomware victims to report to local law enforcement, as well as the Canadian Anti-Fraud Centre, online or by phone (1-888-495-8501). (PabloLagarto/Shutterstock - image credit)

A complex global investigation into a ransomware network has resulted in multiple arrests, with the Calgary Police Service playing a significant role and offering warnings for possible future victims.

Europol announced on Monday the arrest of five people believed to be connected to Operation GoldDust. The investigation into several high-profile ransomware "families" has been led by the European Union Agency for Law Enforcement Co-operation.

Those arrested are suspected in 7,000 ransomware infections worldwide. Canadian investigators estimate 600 infections occurred in Canada, Calgary police said in a news release Monday.

Ransomware — which involves malicious software that accesses and prevents the use of critical computer files followed by a demand for payment to restore those files — is considered a huge global problem requiring complex investigations and co-operation across many police agencies.

The Canadian component of Operation GoldDust launched in January of last year. Headed by multiple RCMP units and the Calgary Police Service (CPS), it targeted a syndicate known as REvil, also called the Sodinokibi family.

REvil/Sodinokibi allegedly provided the malicious software, or malware, to other groups who used it "to encrypt or steal a victim's data and extort them for money in exchange for returning the data," police said.

Canadian intelligence led to the discovery of related computer infrastructure in Europe, Asia and Canada. Prosecutions will be handled by some European countries and the United States.

"Though these arrests happened thousands of kilometres away, the crimes these suspects committed had a very real impact on citizens in Calgary and across Canada," said Insp. Phil Hoetger of CPS's technical investigations section.

An RCMP spokesperson said it's important to come forward after an attack.

"People and organizations can help, too, by learning how to protect yourself and reporting it to local police. There is no shame in falling victim. Police are here to help and your reports can assist in taking down criminals, their networks and their assets," said Chris Lynam, of the RCMP national cybercrime co-ordination unit (NC3).

Police are urging possible victims to report to local law enforcement, as well as the Canadian Anti-Fraud Centre, online or by phone (1-888-495-8501).

Police also caution against paying ransoms because there's no guarantee that data will be restored and the payment of funds will "support criminal activity, encourage perpetrators to target more victims, and offer an incentive for others to get involved in this illegal activity."