Europol today announced the arrest of 12 people suspected of being involved in global ransomware activities.

According to Europol’s press release, the cybercriminals are said to have hit more than 1,800 victims in 71 nations, most of whom are large companies and critical infrastructure.

The operation took place last October 26 in Ukraine and Switzerland. Authorities also seized five luxury vehicles, more than $52,000 and electronic devices, all of which are being forensically examined.

According to initial investigations, the 12 arrested demonstrated various skills that are crucial in the field of cybercrime: penetration tests to compromise the attacked companies by means of brute force attacks, SQL injections, phishing email campaigns and theft of access data to compromise systems.

In an attempt to go undetected and extend their privileges in the compromised systems, according to Europol, many of the suspected suspects have used the Cobalt Strike post-exploitation framework and used malware such as the notorious Trickbot.

According to McAfee’s latest Advanced Threat Research Report, 73% of ransomware attacks were related to the REvil / Sodinokibi gang.