top of page


  • Marijan Hassan - Tech Journalist

Suspected Conti and LockBit henchman arrested in Ukraine police raid

Ukrainian cyber police have arrested a 28-year-old man suspected of aiding notorious ransomware outfits Conti and LockBit. The suspect, whose name hasn't been released, is believed to have played a crucial role in their cyberattacks by creating tools to mask malware, making it harder for security software to detect.

Authorities allege the man, a resident of Kyiv, specialized in developing "cryptors" – malicious software designed to scramble computer code and render malware unrecognizable to antivirus programs. This "encryption" allows the malware to bypass security defenses and infect computer systems more easily.

According to a Ukrainian police statement, the suspect "sold his services for a reward in cryptocurrency to hackers connected to the Russia-linked Conti and LockBit ransomware groups." This suggests the man may have operated as a freelancer within the cybercriminal ecosystem, offering his encryption expertise to the highest bidder.

The arrest is part of a wider international effort to crack down on ransomware gangs. Conti, in particular, has been responsible for high-profile attacks on critical infrastructure, including healthcare providers and government agencies, across the globe. In 2022, the U.S. offered a reward of up to $10 million for information on the identification and location of any individual who holds a Conti leadership position.

LockBit, another major player, has also targeted various organizations with ransomware attacks demanding exorbitant sums for decryption. Some of its targets include Boeing and the U.K.’s Royal Mail. The gang’s extortion site was seized in February, but it is believed the group reorganized and came back in May.

Dutch police in their statement noted that the arrest was part of “Operation Endgame” — one of the largest international law enforcement actions against botnets that culminated in raids across Kyiv and Kharkiv. Authorities took down or disrupted 100 servers used by criminals and seized over 2,000 malicious domains. Further analysis of these items may reveal the full extent of the arrested person’s contributions to Conti and LockBit's operations.

“The Dutch investigative services are very pleased with the arrest in Ukraine and are grateful for the space that the Ukrainian police have found for this in times of war,” the statement said.

The arrested individual has been specifically charged for his involvement in Conti attacks on the Netherlands and Belgium. No specific companies have been mentioned, but the Dutch police statement said it was a Multinational company that was compromised in 2021.


bottom of page