SugarLocker: How Website Developers Turned into International Criminals

Russian law enforcement officers have cooled the ardor of sugar hackers.

Russian law enforcement agencies, together with F.A.C.C.T. specialists, have arrested members of the SugarLocker cybercrime group. The group disguised itself as a legitimate IT company, Shtazi-IT, which offered development of landing pages, mobile applications, scripts, parsers, and online stores.

The investigation revealed that the SugarLocker ransomware (Encoded01) was created in early 2021 but was not actively used at first. In November of the same year, a user under the pseudonym "GustaveDore" on the underground RAMP forum presented an affiliate program based on the Ransomware-as-a-Service (RaaS) model, inviting partners to deploy the SugarLocker encryptor.

The ad stated that the group penetrates victims' networks through RDP (Remote Desktop Protocol) and offers partners 70% of revenue, leaving 30% for SugarLocker. Once revenue exceeds $5 million, the split changes to 90% for the partner and 10% for SugarLocker.

The success of the operation is partly due to the discovery of the malware infrastructure at Russian hosting providers. Access to the SugarLocker control panel was made possible by a web server misconfiguration, which allowed investigators to identify the program's operators. The investigation led to several individuals who were engaged not only in promoting their encryptor, but also in developing custom malware, creating phishing sites and driving traffic to fraudulent schemes.

In January 2024, three members of the group were arrested. During the searches, laptops, mobile phones and other evidence of illegal activity were seized. One of the detainees, 34-year-old Alexander Ermakov, is known under the pseudonyms blade_runner, GistaveDore, GustaveDore and JimJones. It was previously reported that Ermakov was behind the attack on Medibank Private, which exposed the personal data of almost 10 million Australians. In response, the Australian government launched an offensive operation against cybercriminals for the first time.

The defendants in the case were charged under Article 273 of the Criminal Code of the Russian Federation, "Creation, use and distribution of malicious computer programs", which carries a penalty of up to 7 years in prison. The investigation is ongoing.