Spanish authorities and the European Cybercrime Centre at Europol have announced the successful break-up of a highly profitable cybercrime network that extorted money through convincing ransomware.
The creator of the virus, a 27-year-old Russian man, was arrested in the United Arab Emirates in December over the incident, and ten more members of his criminal gang were detained in Spain’s Costa del Sol last week. The group comprised six more Russians, two Ukrainians and two Georgians, who spread the malware across computers in over 30 different countries.
The ransomware deployed in the operation came in 48 different variants, each time posing as a message from the police accusing the victim of visiting illegal websites containing child abuse material or file-sharing facilities, and demanding that a fine be paid for the offence. Ransomware can completely paralyse a victim’s computer, locking them out until they pay the fee demanded.
Investigators believe the attacks were made particularly convincing as some of the victims may have been visiting illicit sites when originally catching the malware, while the police messages were often tailored specifically for the user’s location.
"It's impossible to know for sure how many citizens were affected by this, but we estimate hundreds of thousands of Europeans were," Europol Director Rob Wainwright said at a news conference in Madrid on Wednesday.
"If we take into account that the average fine was 100 euros [£86] and 3 per cent...paid it, then the estimated damage is millions of euros," he added, before revealing his own name had been used to dupe victims in the plot.
Since the virus was first detected in May 2011, over 1,200 cases have been reported in Spain alone, though Europol thinks the number of users affected could be far higher. In addition to drawing payment, the malware also stole sensitive data from the infected machines.
The case’s successful conclusion is one of the first reported since the new European Cybercrime Centre opened in The Hague, Netherlands, last month.