Authorities in Europe have detained five people, including a former Russian professional basketball player, in connection with crime syndicates responsible for ransomware attacks.
Until recently, one of the suspects, Daniil Kasatkin, played for MBA Moscow, a basketball team that’s part of the VTB United League, which includes teams from Russia and other Eastern European countries. Kasatkin also briefly played for Penn State University during the 2018–2019 season. He has denied the charges.
Unrelated ransomware attacks
The AFP and Le Monde on Wednesday reported that Kasatkin was arrested and detained on June 21 in France at the request of US authorities. The arrest occurred as the basketball player was at the de Gaulle airport while traveling with his fiancée, whom he had just proposed to. The 26-year-old has been under extradition arrest since June 23, Wednesday's news report said.
US prosecutors accuse Kasatkin of having negotiated ransom payments with organizations that had been hacked by an unnamed ransomware syndicate responsible for 900 different breaches. A US arrest warrant said he is wanted for "conspiracy to commit computer fraud" and "computer fraud conspiracy."
An attorney for Kasatkin said his client is innocent of all charges.
"He bought a second-hand computer," the attorney told reporters. The attorney continued:
"He did absolutely nothing. He's stunned. He's useless with computers and can't even install an application. He didn't touch anything on the computer. It was either hacked, or the hacker sold it to him to act under the cover of another person."
US authorities are currently in the process of extraditing Kasatkin.
Authorities in the UK, meanwhile, arrested four individuals in connection with separate and unrelated ransomware operations. The UK's National Crime Agency said the three men and one woman were arrested as part of an investigation into recent ransomware attacks targeting M&S, Co-op, and Harrods. M&S experienced major disruptions in its operations as a result. Both Co-op and Harrods have said damage to their networks was minimized because they stopped the attacks while they were still in progress.
The attacks were attributed to Scattered Spider, a collective of hackers who use impersonation and phishing tactics to trick call centers and company help desks into granting them access to their networks.
Various people affiliated with Scattered Spider also stand accused of being involved in the 2023 ransomware attacks that shut down operations for MGM Resorts and Caesars Entertainment.
The suspects (two men aged 19, a minor aged 17, and a 20-year-old woman) were not named. A post published Thursday by KrebsOnSecurity identified the two 19-year-olds. The publication said that one of them was also involved in the MGM attack. It went on to say the other 19-year-old was a "core member" of LAPSUS$, a ragtag group of teens with little or no technical expertise. LAPSUS$ is behind an attack spree that has breached networks belonging to Microsoft, Okta, Nvidia, Globant, Rockstar Games, Samsung, T-Mobile, and Uber.
It's unknown if any of the suspects have entered pleas.