A worldwide two year operation has captured 12 individuals in various criminal organizations who were “wreaking havoc” through ransomware attacks that affected 1,800 victims.

The 12 suspects are believed to have mounted ransomware attacks against companies or infrastructure in 71 countries and were "targeted" in raids in Ukraine and Switzerland.

Authorities from Norway, France, the Netherlands, Ukraine, Germany, Britain, Switzerland and the United States were involved in the crackdown together with Europol and Eurojust, the European Union's agency for judicial cooperation.

Norwegian police said one of the firms believed to have been hit by the suspects in the case was metals maker Norsk Hydro ASA (NHY.OL), which in 2019 suffered a ransomware attack that paralyzed parts of its production. The company refused to pay the hackers, it said at the time, but suffered losses amounting to tens of millions of dollars as a result of disruptions to its operations.

The other businesses that were allegedly hit by the ransomware demands were not named.

"The targeted suspects all had different roles in these professional, highly organized criminal organizations," Europol said in a statement, with some responsible for hacking and others for laundering proceeds via cryptocurrency.

During the raids police seized over Euros 44,800 ($52,000) in cash, five luxury cars, and computer and phone equipment which are being examined to find evidence and new investigative leads, Europol said.

Authorities believe each of the cybercriminals had different roles in the criminal organizations. Some were in charge of penetrating the victims’ IT networks using various means, including brute force attacks, SQL injections, stolen credentials, and phishing emails with malicious attachments.

Once in, the criminals would deploy malware, such as Trickbot, and other tools to help them stay under the radar and gain further access.

Europol added: “The criminals would then lay undetected in the compromised systems, sometimes for months, probing for more weaknesses in the IT networks before moving on to monetising the infection by deploying a ransomware.

“The effects of the ransomware attacks were devastating as the criminals had had the time to explore the IT networks undetected.”

W Denis has a specialist Cyber Insurance department, that can offer first class technical advice and competitive cyber insurance quotations. Solutions are available for multi-billion turnover businesses, down to small start-ups.

If you wish to discuss any insurance questions or have an queries please visit www.wdenis.eu or contact Vida Jarašiūnaitė Vida.Jarasiunaite@wdenis.eu