Blotter: Ransomware Gang Busted

Monday, February 18, 2013 @ 09:02 AM gHale

Spanish Police, working closely with the European Cybercrime Centre (EC3) at Europol, took apart what they call a large and complex police ransomware cybercrime network.

Police estimate the suspects infected tens of thousands of computers globally, bringing in profits of well over $1 million.

Operation Ransom resulted in 11 arrests; the first was a 27-year-old Russian, responsible for the creation, development and international distribution of the various versions of the malware. Police arrested him in the United Arab Emirates, and he is currently awaiting extradition to Spain. In addition, police took apart one of the criminal network’s largest financial cells, in the Costa del Sol. The Spanish Police also arrested another 10 people linked to the financial cell: six Russians, two Ukrainians and two Georgians, all based in Spain.

Police searched six premises in the province of Málaga, where they found IT equipment believed to have been used for the criminal activities. In addition, investigators seized credit cards used to cash out the money victims paid via Ukash, Paysafecard and MoneyPak vouchers, as well as around 200 credit cards used to withdraw $34,782 in cash prior to the arrests.

The financial cell of the network specialized in laundering the proceeds of their crimes, obtained in the form of electronic money, police said. For this, the gang employed virtual systems for money laundering and other traditional systems using various online gaming portals, electronic payment gateways or virtual coins, police said. They also used compromised credit cards to extract cash from the accounts of ransomware victims via ATMs in Spain. As a final step, daily international money transfers through currency exchanges and call centers ensured the funds arrived at their final destination in Russia.

Police ransomware is a type of malware that blocks the computer, accuses the victim of having visited illegal websites containing child abuse material or file sharing, and demands payment of a fine to unblock it.

By having the ransomware look like it comes from a law enforcement agency, cybercriminals convince the victim to pay the ‘fine’ of $133 through two types of payment gateways — virtual and anonymous — as a penalty for the alleged offence. The criminals then go on to steal data and information from the victim’s computer. Since the virus’ discovery in May 2011, there have been more than 1200 reported cases just in Spain, and the number of victims could be much higher.

Spanish Police headed Operation Ransom, coordinated by Europol and Interpol. Other crucial partners included Eurojust, the attachés of the Ministry of Interior of the Spanish Embassy in Moscow and the Spanish Embassy in the UAE.
