Authorities Dismantled SugarLocker Ransomware Group

Russian authorities have successfully dismantled a notorious ransomware gang known as SugarLocker, arresting three of its alleged members.

The group, which masqueraded as a legitimate tech company named Shtazi-IT, specialized in the development of various digital services, including landing pages, mobile apps, and online stores.

This operation marks a critical step in the global fight against ransomware, highlighting the increasing effectiveness of law enforcement in tracking and neutralizing cyber threats.

The Arrests and Investigation

The arrests were the culmination of a collaborative investigation involving F.A.C.C.T., a Russia-based cybersecurity firm, and other authorities.

F.A.C.C.T. played a pivotal role in uncovering the activities of the SugarLocker gang. The individuals apprehended were known by the nicknames blade_runner, GustaveDore, and JimJones.

They face charges related to the creation, use, and distribution of malicious computer programs, with potential prison sentences of up to four years if found guilty.

The investigation remains ongoing, with authorities continuing to gather evidence and explore the full extent of the group’s activities.

SugarLocker’s Operations

SugarLocker has been active since at least 2021, operating under the ransomware-as-a-service (RaaS) model. This approach involves offering malicious tools for a fee or a share of the ransom payments collected by criminals.

The group’s malware primarily targeted victims through the Remote Desktop Protocol (RDP), allowing for remote access and control over computers.

Notably, SugarLocker pledged not to attack Eastern European countries, with the exception of the Baltic States and Poland and did not operate a data leak site, making it challenging to identify their victims.

The group’s profit-sharing model was particularly lucrative, receiving 30% of its customers’ profits or 10% if they exceeded $5 million.

This financial motivation underscores the purely business-oriented nature of their operations, as stated in their ransom note: “It’s just a business. We absolutely do not care about you and your deals… If you do not cooperate with our service, for us, it does not matter. But you will lose your time and data.”

The dismantling of the SugarLocker ransomware group is a significant victory for cybersecurity and law enforcement agencies worldwide.

It sends a strong message to cybercriminals about the increasing risks of engaging in ransomware activities and the growing capabilities of authorities to track and prosecute them.

This operation also highlights the importance of international collaboration and the role of private cybersecurity firms in combating cyber threats.

As the investigation continues, the cybersecurity community will be watching closely for further developments and insights into the tactics and strategies employed by ransomware gangs.

The success of this operation may also encourage more proactive measures and cooperation between different countries and organizations to address the global challenge of ransomware.

You can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits, with Perimeter81 malware protection. All are extremely harmful, can wreak havoc, and damage your network.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.