A 28-year-old man from the Kharkiv region in Ukraine has been arrested in Kyiv for his involvement with the Russian ransomware groups Conti and LockBit.


Authorities suspect that he developed crypters to encrypt ransomware payloads, aiding the malware in evading detection on compromised systems. The suspect’s crypters were reportedly sold to the Conti and LockBit syndicates [1], enabling them to effectively disguise their file-encrypting malware [1]. He specialized in creating crypters to conceal computer viruses as harmless files, potentially helping the ransomware gangs bypass antivirus software [3]. Evidence suggests that he assisted both Conti and LockBit in making their malware undetectable [3], increasing their success in attacking compromised networks [3]. Dutch police believe he played a significant role in orchestrating a ransomware attack in late 2021 on a Dutch multinational company in the Netherlands and Belgium using a Conti payload as an affiliate for the gang. Ukrainian and Dutch authorities have identified him as a crypter specialist linked to the 2021 Conti ransomware attack on a Dutch multinational company and with connections to LockBit ransomware operations. As part of “Operation Endgame,” a joint law enforcement operation aimed at disrupting criminal networks behind various malware families, Ukrainian police conducted house searches in Kyiv and the Kharkiv region [4], seizing computer equipment [1] [2] [4], mobile phones [1] [2] [4], and notebooks for further investigation [4]. This operation is part of an international effort against botnets [4], resulting in four arrests and the seizure of over 100 Internet servers [4]. If found guilty [1], the accused could face up to 15 years in prison [1].


The arrest of the suspect highlights the ongoing efforts of law enforcement agencies to combat cybercrime and disrupt criminal networks involved in ransomware attacks. This case serves as a reminder of the importance of international cooperation in addressing cyber threats and the need for continued vigilance in protecting against malicious activities in the digital realm.


[1] https://www.techtimes.com/articles/305656/20240613/conti-linked-suspect-arrested-ukraine-face-up-15-years-prison.htm
[2] https://cybermaterial.com/kyiv-police-identify-ransomware-suspect/
[3] https://enterprise.bitdefender.com/blog/hotforsecurity/ukrainian-police-arrest-alleged-encryption-expert-linked-to-conti-and-lockbit-ransomware-gangs/
[4] https://www.technadu.com/conti-and-lockbit-ransomware-hacker-arrested-in-ukraine/532619/