Dutch police help bust Romanian ransomware gang

A gang of Romanian cyber criminals suspected of infecting computers in the Netherlands, Belgium, Italy, and the United States with ransomware, was busted in Romania last week in coordinated investigations by the Dutch, Romanian, British, and American authorities and Europol, the Dutch police said in a statement.

The gang is suspected of spreading CTB-Locker and Cerber ransomware in various countries through phishing emails. Ransomware is a form of malware that blocks access to an infected computer's files and systems. The victim is then asked to pay a 'ransom' amount to regain access to his or her computer. 

Last week the Romanian authorities raided the homes of a number of people suspected of being involved in this cybercrime gang. Three people were arrested, and six others were taken into custody for questioning. 

The Dutch police first launched an investigation into CTB-Locker in 2015 after receiving numerous reports of Dutch computers infected with the ransomware. Nearly 200 victims filed reports about the ransomware with the police, but the police believe the actual number of victims is much higher. Intensive investigation led the police to the group of Romanians. The Dutch authorities, and authorities in other countries, hereby transferred information about their ongoing investigations to the Romanian authorities, who launched their own investigation. 

In addition to spreading CTB-Locker ransomware, two of the suspects in the Romanian group are also suspected of spreading Cerber in the United States. The United States Secret Service launched an investigation into this ransomware, and when it was revealed that the suspects belong to the same group of Romanians that spread the CTB-Locker ransomware in Europe, the authorities in the various affected countries decided on closer coordination in their separate investigations, according to the Dutch police. 

In the actions in Romania last week, two suspects managed to get away. The U.S. authorities put them on the international wanted list, and they were arrested on December 15th at an airport in Bucharest. 

"The international investigation continues into other spreaders and eventually the makers of the CTB-Locker ransomware", the police said. The suspects already arrested will be prosecuted in Romania. 


Related stories