An arrest of a suspected ransomware affiliate was made by Europol’s European Cybercrime Centre in collaboration with the Romanian National Police and Federal Bureau of Investigation (FBI). The suspect was accused of stealing highly sensitive data from several organizations.
⚠️ Europol’s #cybercrime centre @EC3Europol supported 🇷🇴 @_PolitiaRomana_ & 🇺🇸 @FBI in the arrest of a ransomware affiliate this morning.
The suspect is believed to have compromised the network of a large Romanian IT company.
Details ➡️ https://t.co/uWSHad80BX #EMPACT pic.twitter.com/qncNuSdP5r
— Europol (@Europol) December 13, 2021
According to Europol’s press release, a 41-year-old Romanian man was arrested in Craiova, Romania. He was accused of compromising the network of one of the largest Romanian IT companies, which offers services to clients in sectors such as retail, utilities, and energy.
The suspect was accused of attacking various organizations with different ransomware strains and stealing sensitive information. He was also suspected of demanding ransom payments in cryptocurrency and threatening to leak the stolen data if the extortion money wasn’t delivered.
According to the report, the information stolen by the suspect included financial data about the organization, confidential information about workers, client details, and other sensitive details.
The Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT) carried out the investigation within the European Multidisciplinary Platform Against Criminal Threats (EMPACT) framework, with the help of the FBI and Europol’s EC3.
The suspect’s affiliation with any particular ransomware gang is still unconfirmed at this point. However, this lines up with the previous arrests made by Romanian law enforcement last month, on November 8, when two suspects thought to be Sodinokibi/REvil ransomware affiliates were arrested.
Kuwaiti authorities also arrested a GandCrab ransomware affiliate on the same day. Together, the suspects were believed to be behind 7,000 attacks and to have demanded €200 million in ransoms.
According to Europol:
All these arrests follow the joint international law enforcement efforts of identification, wiretapping, and seizure of some of the infrastructure used by the Sodinokibi/REvil ransomware family, which is seen as the successor of GandCrab.
In November, while speaking to the Associated Press, US Deputy Attorney General Lisa Monaco also confirmed that the United States would crack down on ransomware activities. Earlier this year, President Joe Biden also held a cybersecurity meeting with the CEOs of Apple, Microsoft, Amazon, and other companies to address rising cyberattacks.
While the ransomware gang operators themselves remain out of reach in Russia, these arrests have confirmed that law enforcement agencies worldwide are now ready to disrupt Ransomware-as-a-Service (RaaS) operations by capturing affiliates.
Security researchers have also found a rise in the activity of Chinese threat actors on Russian dark web forums. Russian threat actors aren’t the only ones targeting European and American companies with cyberattacks; previously, Iranian hackers had been targeting American organizations with ransomware as well.