Five Arrested in Joint Europol-FBI Ransomware Sting

Romanian authorities have arrested three suspected cyber-criminals on charges of spreading ransomware.

Two other suspects from the same criminal group were arrested in Bucharest in a parallel ransomware investigation linked to the US, according to Europol.

In a search of six houses, investigators seized a significant number of hard drives, laptops, external storage devices, cryptocurrency mining devices and numerous documents. The criminal group is being prosecuted for unauthorized computer access, serious hindering of a computer system, misuse of devices with the intent of committing cybercrimes and blackmail.

In early 2017, the Romanian authorities received detailed information from the Dutch High Tech Crime Unit and other authorities that a group of Romanian nationals were involved in sending spam messages. This spam was specifically drafted to look like it was sent from well-known companies in countries like Italy, the Netherlands and the UK. The intention of the spam messages was to infect computer systems and encrypt their data with the CTB-Locker ransomware, aka Critroni. Each email had an attachment, often in the form of an archived invoice, which contained a malicious file. Once this attachment was opened on a Windows system, the malware encrypted files on the infected device. More than 170 victims from several European countries have been identified to date, Europol said.

In addition to the spread of CTB-Locker, two people within the same Romanian criminal group are also suspected of distributing the Cerber ransomware to a large number of computer systems in the United States. After US authorities issued an international arrest warrant for the two suspects, they were arrested in Bucharest while trying to leave the country.

In both cases, the perpetrators were using a ransomware-as-a-service offering.

The law enforcement operation, dubbed Bakovia, was a joint investigation carried out by the Romanian Police, the Romanian and Dutch public prosecutors' offices, the Dutch National Police, the UK's National Crime Agency and the FBI, with the support of Europol's European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT).
