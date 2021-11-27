The wide-ranging investigation involved eight countries, prompting authorities to arrest a dozen suspects in Ukraine and Switzerland in late October.

An increase in the frequency and extent of ransomware attacks has prompted the US and its allies to commit to working closely together to track and stop ransomware groups and to discuss harmonizing cryptocurrency rules that hackers use to receive payments discreetly from their victims.

However, the timeline of the Norsk Hydro case highlights the complex nature and often slow pace of international law enforcement investigations, which must follow strict legal requirements. In addition to Norway, Ukraine and Switzerland, the Norsk Hydro investigation involved authorities from France, the Netherlands, Germany, the United Kingdom and the United States.

Now, prosecutors in Norway, France, the UK and Ukraine will evaluate the evidence gathered and decide how to proceed.

“International police co-operation takes a lot of time,” said Knut Jostein Saetnan, a Norwegian prosecutor involved in the case.

When Norsk Hydro was hit in 2019, its worldwide operations were discontinued after the company moved to contain ransomware. Norwegian investigators arrived at her offices to gather information about the hacking.

Jo De Vliegher, then head of information at Norsk Hydros, said at the time that investigators discovered that hackers had posed as legitimate users on the company’s network to launch ransomware.

Intruders entered the company system in December 2018 via an infected email that appeared to be coming from a business partner. The attackers removed the employees from the company systems, making their work impossible. Norsk Hydro said in March that the incident cost them between 800 million and 1 billion Norwegian kroner, currently equivalent to 90 million and 112 million dollars.

The cyber technology and security staff at Norsk Hydro split into three groups after the attack. One worked to fix the problems caused by the hack, the other did forensic work on how it happened, and the third focused on rebuilding the technology, spokesman Halvor Molland said.

Norsk Hydro easily shared the conclusions from its internal investigation with Norwegian investigators, Mr Molland said. However, authorities in Norway had to wait until Norsk Hydro restored its systems before receiving much of the evidence from the company, said Mr Saetnan, the Norwegian prosecutor.

It became clear that the case is likely to take years, he added.

Meanwhile, French investigators realized that a ransomware case they were working on was linked to the Norsk Hydro incident and sought to combine investigations, said Baudoin Thouvenot, a judge representing France at Eurojust, the European agency that coordinates cross-border judicial work. .

Eventually, more national authorities contributed evidence from their jurisdictions.

At some point, Norwegian authorities were told they had to wait to get evidence because criminal laws in some of the countries involved required a court decision to split the evidence, Mr Saetnan said. This often happens in international cases, he said.

When it comes to cybercrime, they were actually blind without the cooperation and information received from [other] countries “, he said.

Limited travel opportunities amid the Covid-19 pandemic also slowed the case. Officials often met through videoconferencing, but discussed some sensitive information only in person.

The co-operation eventually led to police raids. In the early morning of October 26, police in Ukraine entered the homes of the suspects, apprehending 11. Swiss authorities made an arrest that day.

In The Hague, where Eurojust is headquartered, Mr. Thouvenot, the French judge, was on call from 6am until about 7pm to help with any legal issues. In other international cases, said Mr. Thouvenot, police have arrived at a suspects’ home to find out the person has fled the scene. In those cases, officials should promptly seek orders and assistance in another jurisdiction. Nothing like that happened this time, he said.

Mr Saetnan, the Norwegian prosecutor, said he spent the day at the Ukrainian police headquarters against cybercrime in Kiev and worked for 13 or 14 hours, waiting for evidence to be seized. Police seized more than $ 52,000 in cash, five luxury vehicles and some electronics, according to the European police agency Europol. A video posted a few days after the raids by Ukrainian police showed authorities taking laptops, tablets, cell phones and money in dollars and euros.

So far, Mr. Saetnan said his office has only received some evidence obtained from the equipment. Prosecutors must make requests for evidence under so-called reciprocal legal aid treaties. The process can take months, sometimes longer, because the justice or police departments that handle such requests are often overdue.

Mr De Vliegher, the former CIO of Norsk Hydros, said he was relieved that the suspects had been apprehended. “Police and companies need to use this opportunity to better understand how these people work, to understand their weaknesses and how similar groups can be found,” he said. August, is an executive advisor for cyber security in cybernetics Risk management company Istari Global Ltd., which has offices in Singapore, UK and USA

“It’s very important that this leads to punishment and it is a hindrance to other people,” he said. “We need to get to the point where cybercrime is punishable.”

This story was published by an electronic agency source without any modifications to the text

Subscribe to Mint Newsletters * Enter a valid email * Thank you for subscribing to our newsletter.