Arrest in Romania of a ransomware affiliate scavenging for sensitive data
The following is a press release:
Europol’s European Cybercrime Centre (EC3) has supported the Romanian National Police (Poliția Română) and the US Federal Bureau of Investigation (FBI) in arresting a ransomware affiliate targeting high-profile organisations and companies for their sensitive data.
The suspect – a 41-year-old Romanian national – was arrested today at his home in Craiova, Romania, in the early hours of the morning.
Ransomware with blackmail
The criminal is suspected of having compromised the network of a large Romanian IT company delivering services to clients in the retail, energy and utilities sectors.
He is then believed to have deployed ransomware and stolen sensitive data from the IT company’s clients located in Romania and abroad, before encrypting their files. The information stolen included the companies’ financial information, personal information about employees, customers’ details and other important documents.
The suspect would then ask for a sizeable ransom payment in cryptocurrency, threatening to leak the stolen data on cybercrime forums should his demands not be met.
Europol’s EC3 supported this investigation by:
- Providing analytical, cryptocurrency tracing, malware analysis and forensic support;
- Deploying two of its experts to Romania to provide advance forensic support and to help with crypto-asset forfeiture.
This operation was carried out in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT).
Related: Romanian National Police