European Police Shut Down Ransomware Scam

Eleven people from Russia, Georgia and Ukraine have been arrested.
Posted February 14, 2013

Cynthia Harvey

Europol and the Spanish police have arrested 11 individuals for taking part in an elaborate ransomware scam. The scheme brought in more than a million euros per year by sending PC users fake fine notifications that appeared to come from authorities.

PCMag's Stephanie Mlot reported, "A complex cyber-crime network that spread 'police ransomware' has been shut down, according to the European Cybercrime Centre. Europol and the Spanish Police on Wednesday apprehended 11 people from Russia, Georgia, and the Ukraine, who allegedly affected tens of thousands of global computers and earned profits higher than 1 million euros per year."

The BBC explained, "Software planted on targeted machines accused the user of having viewed illegal content, such as images showing child sex abuse, Europol said. It then told the user to pay a 'fine' before continuing to use the machine. A Europol statement said: 'By dressing the ransomware up to look as if it comes from a law enforcement agency, cybercriminals convince the victim to pay the 'fine' of 100 euros [$130; £85] through two types of payment gateways -- virtual and anonymous -- as a penalty for the alleged offence. The criminals then go on to steal data and information from the victim's computer.'"

According to The Guardian's Charles Arthur, "The 11-strong gang laundered more than a million euros per year since mid-2011, sending money back to Russia. The leader, a 27-year-old Russian, was arrested while on holiday in Dubai in the United Arab Emirates in December on an international arrest warrant. Spain is seeking his extradition. On Wednesday the rest of the group – six Russians, two Ukrainians and two Georgians – were rounded up by Spanish police in the Costa del Sol."

The Register's John Leyden noted, "Law enforcement agencies in Spain first became interested in the Reveton malware after hundreds of complaints from victims of the scam started flooding in at the beginning of 2011. Trend Micro and the Spanish agencies worked with the European Cybercrime Centre (EC3) at Europol in an operation coordinated by Interpol over the months that followed -- sharing intelligence, samples and related technical detail. Police said the research allowed them to map the criminal network infrastructure including traffic redirection and command-and-control servers. They then conducted raids on premises, seizing IT equipment and credit cards used to cash out the money that victims had paid."

Tags: malware, Europe, cybercrime, ransomware
