Brussels (Brussels Morning) Europol has supported the Romanian National Police — Poliția Română — and the US Federal Bureau of Investigation (FBI) in arresting a ransomware affiliate targeting high-profile organisations and companies for their sensitive data.
The suspect, a 41-year-old Romanian national, was arrested on 13 December at his home in Craiova, Romania, in the early hours of the morning.
Ransomware is a type of malicious attack where attackers encrypt an organisation’s data and demand payment to restore access.
Blackmail
The Romanian criminal is suspected of having compromised the network of a large IT company delivering services to clients in the retail, energy and utilities sectors.
According to Europol, he is believed to have deployed ransomware and stolen sensitive data from the IT company’s clients located in Romania and abroad, before encrypting their files. The information stolen included companies’ financial information, personal information about employees, customer details and other important documents.
The suspect reportedly would then demand a sizeable ransom payment in cryptocurrency, threatening to leak the stolen data on cybercrime forums should his demands not be met.
A recent report from the European Union Agency for Cybersecurity (ENISA) revealed that ransomware has been assessed as the prime threat for 2020-2021. The EU agency expects a surge in cybercriminality motivated by monetisation using ransomware or cryptojacking.
Compromise through phishing e-mails and brute-forcing of Remote Desktop Services (RDP) remain the two most common ransomware infection vectors, ENISA found.
Europol’s support
Europol’s European Cybercrime Centre supported the investigation by providing analytical, cryptocurrency tracing, malware analysis and forensic support. The Centre deployed two of its experts to Romania to provide advanced forensic support and to help with crypto-asset forfeiture.
The operation was carried out in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT).
According to ENISA, an ever-increasing number of cyberattacks each year is bound to happen, which, in combination with the lack of appropriate guidelines and training, highlights the urgent need for cybersecurity awareness. The EU’s cybersecurity branch predicts that the number of graduates in the field will double in the next two to three years.