Kripos has found those behind the ransomware attack against Hydro and believes “Norway’s largest data crime case” has been solved. It remains to condemn the officials.
– We think the case has been basically clarified, in the sense that we roughly know what, how and who is behind it. But the case is not over yet. Contentment is the goal. We are working to catch several of the main perpetrators. The aim is to bring the cases to court in Ukraine and Switzerland, Operations Prosecutor Knut Justin Steinan said about the Hydro V. Kripos case during a seminar on Thursday.
A total of 56 suspects have so far been named and designated – among them money launderers and cryptocurrency players who in such cases contribute to the mixing, exchange and payment of cryptocurrencies.
Read also
Water conflicts in the rainforest: – We are in their area
I think they know who is behind it
Police believe they have identified five men who carried out the attack himself. It had been going on for three and a half months when an infected attachment in an email was brutally murdered.
“These are the people we believe are grounded for prosecution for carrying out the attack,” Stanan says.
In addition, a small number of people are suspected of contributing, among other things, by providing the services, malware and infrastructure that made the attack possible. These are people with “clear criminal intent” who have been in contact with people Krepos believes are central to the case.
ransom demand
Four years after the alarm went off at Hydro on Vækerø and at Kripos in Helsfyr, Sætnan was able to tell about the careful investigation that led to the identification of a number of suspected perpetrators in Ukraine, as well as a Ukrainian citizen residing in Switzerland. The incredible ransomware issue crippled all digital communications and activity at Hydro for several months in the spring and summer of 2019.
– This started in one of our USA factories. Later, the virus spread throughout the organization and affected several parts of the business in both the US and Europe, Hydro CFO Eivind Kallevik told NTB the same day that the attack was real.
At the same time that the ransomware encrypted files in Hydro’s global computer system, the perpetrators demanded a ransom in exchange for the decryption key. The amount had to be paid in Bitcoin. The Water Department was to find out the extent of this by contacting the perpetrators.
Only last fall did the police manage to hand over encryption keys to Hydro. They were grabbed from the servers of the person who lives in Switzerland.
Read also
Five years after the water scandal in Brazil: – As if we didn’t exist
Ukraine was the epicenter
– We quickly realized that Ukraine was the epicenter in this case, and that we had to get there in order for the investigation to progress, says Sætnan.
Two and a half years after the attack on Hydro, ten Kripos officials campaigned on October 26, 2021. Together with 45 foreign police officers and a hundred Ukrainian police officers, they entered 14 addresses in Ukraine and one in Switzerland.
Kripos’ electronic unit, NC3, led the investigation, which was conducted in cooperation with police in France, Great Britain and Ukraine, as well as the United States, the Netherlands and Switzerland. Action in October two years ago led to Kripos returning 88 servers to Norway for analysis in connection with the investigation.
– The case is still under investigation and there is a lot of work to be done. Among other things, we are working to arrest several perpetrators. Stanan asserts that the aim is to obtain convictions in Ukraine and Switzerland.
The organized criminals behind the attack are suspected of being behind similar data attacks against 1,800 individuals and companies in 71 countries. After the action in 2021, many encryption keys were mined, so that affected companies could get help to unlock the encryption and access their data again. We are talking about both Norwegian and international companies, according to Krepos.
“Coffee trailblazer. Certified pop culture lover. Infuriatingly humble gamer.”
