Authorities in Romania have detained a ransomware associate accused of hacking and stealing sensitive information from the networks of many high-profile firms worldwide, including a big Romanian IT firm with clients in the energy, retail, and utility sectors.
On Monday morning, the DIICOT (the Romanian Directorate for Investigating Organized Crime and Terrorism) and judicial police officers detained the 41-year-old Romanian national at his house in Craiova, Romania. He is accused of illegal access to a computer system, unauthorized data transfer, illegal interception of a computer message, and blackmail.
According to DIICOT, the suspect used several techniques to gain access to the computer networks of medium and large firms in Romania and other countries, from which he took enormous amounts of data. Europol said that the culprit would then demand a large cryptocurrency ransom payment, threatening to disclose the stolen material on cybercrime forums if his demands were not met.
According to the Romanian National Police, the detained ransomware affiliate took a wide range of sensitive data from his targets’ computers, including financial, personal, and customer information.
With the cooperation of the FBI and Europol’s EC3, DIICOT conducted the investigation within the European Multidisciplinary Platform Against Criminal Threats (EMPACT) framework. The ransomware gang with which the suspect was associated is unknown at this time; the only information available is that the hacker was targeting high-profile firms.
This is consistent with Romanian law enforcement’s arrests last month, on November 8, of two persons suspected of being Sodinokibi/REvil ransomware affiliates. In an Associated Press interview, US Deputy Attorney General Lisa Monaco stated that the US would crack down on ransomware activity.
While the primary ransomware gang operators remain safe in Russia, these new arrests illustrate that law enforcement agencies throughout the world are now disrupting the gangs' Ransomware-as-a-Service (RaaS) activities by arresting their affiliates.