Romanian law enforcement authorities have arrested a ransomware affiliate on suspicion of hacking and stealing sensitive information from the networks of several leading companies around the world, including a large Romanian IT company with customers in the retail, energy and utility sectors.
The 41-year-old Romanian national was arrested Monday morning at his home in Craiova, Romania, by DIICOT (the Romanian Directorate for the Investigation of Organized Crime and Terrorism) and judicial police officers, on suspicion of unauthorized access to a computer system, unauthorized transfer of computer data, illegal interception of a computer transmission, and blackmail.
“The suspect, by various methods, managed to gain access to the computer networks of certain companies (medium and large) in Romania, but also in other states, from where he extracted large volumes of data,” DIICOT noted.
“The suspect would then demand a large cryptocurrency ransom, threatening to disclose the stolen data on cybercrime forums if his demands were not met,” Europol added.
According to the Romanian National Police, the apprehended ransomware affiliate stole a wide range of sensitive information from the systems of his targets, including companies' financial information, employees' personal information and customer details.
DIICOT carried out the investigation within the framework of the European Multidisciplinary Platform against Criminal Threats (EMPACT) with the assistance of the FBI and Europol’s EC3.
Follows arrests of REvil and GandCrab affiliates
It is currently unclear which ransomware gang the suspect was working with; the only detail available is that the hacker was targeting high-profile companies.
This follows previous arrests made by Romanian law enforcement last month, on November 8, when they apprehended two suspects believed to be affiliates of the Sodinokibi / REvil ransomware.
On the same day, Kuwaiti authorities also arrested a GandCrab ransomware affiliate. The three are believed to be behind around 7,000 attacks and to have demanded more than 200 million euros in ransom.
“All of these arrests follow joint efforts by international law enforcement agencies to identify, wiretap and seize some of the infrastructure used by the Sodinokibi / REvil ransomware family, which is seen as GandCrab’s successor,” Europol said.
U.S. Deputy Attorney General Lisa Monaco also said in November, in an interview with The Associated Press, that the US would crack down on ransomware activity.
While major ransomware gang operators remain safe in Russia, these recent arrests show that law enforcement worldwide is now disrupting their Ransomware-as-a-Service (RaaS) operations by shutting down affiliates located around the world.