TLDR:
- Russian authorities dismantled the SugarLocker ransomware group, arresting three alleged members.
- SugarLocker operated under the ransomware-as-a-service model and targeted victims through RDP.
Authorities Dismantled SugarLocker Ransomware Group
Russian authorities dismantled the ransomware gang known as SugarLocker by arresting three of its alleged members. The group operated behind a front company, Shtazi-IT, which presented itself as a legitimate IT firm specializing in digital services such as landing pages and mobile apps.
The Arrests and Investigation
The arrests were the result of a collaborative investigation between Russian law enforcement and F.A.C.C.T., a Russia-based cybersecurity firm. The arrested individuals face charges related to the creation, use, and distribution of malicious computer programs. The investigation is ongoing to uncover the full extent of the group’s activities.
SugarLocker’s Operations
SugarLocker operated under the ransomware-as-a-service model, gaining access to victims’ systems over RDP (Remote Desktop Protocol). The group did not attack Eastern European countries, with the exception of the Baltic States and Poland, and it ran no data leak site, which made its victims hard to identify. Its profit-sharing model was lucrative: the operators took a percentage of the profits earned by the customers who rented the ransomware.
The dismantling of the SugarLocker ransomware group is a significant victory for cybersecurity globally. The operation shows the increasing risks for cybercriminals and the improving ability of authorities to track and prosecute them. International collaboration and private cybersecurity firms play a crucial role in combating cyber threats, making cyberspace safer for everyone.