German and Ukrainian police raided the homes of individuals linked to a prominent cybercrime group that stole millions from large companies and organizations over the course of several years. The authorities worked with Europol and the FBI last month to investigate the residences of members of the hacking group, which often goes by the names Indrik Spider, Double Spider, and Grief.

The cybercriminal group distributes ransomware through emails containing documents with malicious code, granting them access to a target’s systems once downloaded. It then threatens to leak sensitive company data unless it receives payment. Europol estimates that victims of the cybercrime group’s attacks in the US paid at least €40 million (~$42.7 million USD) between May 2019 and March 2021, while German authorities counted 601 victims in total.

Three Russian nationals with ties to the group are still at large

On February 28th, German and Ukrainian police conducted simultaneous raids on the homes belonging to two suspected members. However, Daniela Dässel, a spokesperson for Germany’s North Rhine-Westphalia (NRW) State Police Force, tells The Verge that authorities haven’t made any arrests yet, and the suspects were released after questioning.

Meanwhile, three Russian individuals with ties to the group are still wanted by international authorities. Both Germany and Ukraine are currently analyzing the seized evidence to locate other group members and determine their roles.

“Perpetrators can be sure that the fight against this crime does not stop at the borders, but takes place across borders,” Ingo Wünsch, the director of Germany’s State Criminal Police Office, says in a machine-translated statement. “Companies, institutions and authorities have to protect their digital world.”