Ransomware Affiliate Arrested in Romania; 51 Stolen Data Brokers Arrested in Ukraine

Europol, the European Union’s premier law enforcement agency,
has announced[1]
the arrest of a third Romanian national for his role as a
ransomware affiliate suspected of hacking high-profile
organizations and companies and stealing large volumes of sensitive
data.

The 41-year-old unnamed individual was apprehended Monday
morning at his home in Craiova, Romania, by the Romanian
Directorate for Investigating Organized Crime and Terrorism
(DIICOT[2]) following a joint
investigation in collaboration with the U.S. Federal Bureau of
Investigation (FBI).

It’s not currently known which ransomware gang the suspect was
working with, but the development comes a little over a month after
Romanian authorities arrested two affiliates[3]
of the REvil ransomware family, who are believed to have
orchestrated no fewer than 5,000 ransomware attacks and extorted
close to $600,000 from victims.

Affiliates play a key role in ransomware-as-a-service (RaaS)
subscription-based business models, and are responsible for renting
the toolset from source code owners and launching their own attacks
against a list of targets.

The actors are often recruited by the ransomware operators on
underground forums after vetting their technical skills and their
country of origin, and affiliates earn a large share of each
successful ransom payment, ranging anywhere between 65 and 90%,
making it an increasingly successful and profitable enterprise for
cybercriminals.

According to Europol, the suspect is said to have targeted a
large Romanian IT company delivering services to clients in the
retail, energy and utilities sectors. Subsequently, the affiliate
deployed ransomware and siphoned troves of data from the company’s
customers located in the country and beyond, before proceeding to
encrypt the files.

“The information stolen included the companies’ financial
information, personal information about employees, customers’
details and other important documents,” Europol said in a
statement. “The suspect would then ask for a sizeable ransom
payment in cryptocurrency, threatening to leak the stolen data on
cybercrime forums should his demands not be met.”

Ukraine Arrests 51 For Selling Stolen Data of 300 Million People

In a separate law enforcement action, the Cyberpolice Department
of the National Police of Ukraine announced it had arrested 51
people in connection with illegally possessing about 100 databases
containing personal information of more than 300 million citizens
of Ukraine, Europe, and the U.S.

The databases also included “confidential information on
financial and economic activities of individuals and legal
entities, information about customers of banking and commercial
institutions, authorization data on emails, social networks, online
stores and more,” the department said[4]
in a statement.

As part of the operation codenamed “DATA,” the officials
conducted a total of 117 searches in various parts of the country
and shut down an unnamed website that offered the stolen data —
such as telephone numbers, names, and, in some cases, vehicle
registration information — for sale.

“More than 30 channels of illegal dissemination of information
were blocked during the investigation,” the agency noted, with
Serhiy Lypka, head of the Department for Combating Crimes in the
Field of Computer Systems, stating “the cost of databases ranged
from 500 to 50,000 hryvnias — depending on its content and
commercial value.”

References

  1. announced (www.europol.europa.eu)
  2. DIICOT (www.diicot.ro)
  3. arrested two affiliates (thehackernews.com)
  4. said (cyberpolice.gov.ua)
