Ethical hacker among 3 arrested for blackmail and ransomware attacks

The suspects are allegedly involved in hacking, issuing threats, stealing data, laundering money, and extorting
The ethical hacker reportedly works for the Dutch security organization, the Dutch Institute for Vulnerability Disclosure (DIVD).

Amsterdam’s cybercrime police arrested three individuals suspected of launching ransomware attacks against businesses in the Netherlands and worldwide. The suspects are allegedly involved in hacking, issuing threats, stealing data, laundering money, and extorting. These criminals extorted small and large businesses worldwide after hacking into their networks, generating €2.5 million.

Suspects Details

The detainees are all young males aged between 18 and 21. They were arrested on January 23rd, 2023 and are accused of stealing the private information of tens of millions of users from their targeted networks and blackmailing the victims for ransom.

The 21-year-old hailed from Zandvoort and was in contact with an 18-year-old suspect from Rotterdam; the third, also 18, was arrested in Naaldwijk. One of the suspects is an ethical hacker who works for the Dutch security organization, the Dutch Institute for Vulnerability Disclosure (DIVD).

The accused are detained in restrictive custody and can only contact their lawyer. The accused arrested in Zandvoort had 45,000 euros in cash and 550,000 euros worth of Bitcoin. Reportedly, the accused used Bitcoin to launder €2.5 million.

Stolen Data

According to Dutch media, thousands of businesses were targeted, including online stores, social media networks, training and educational institutions, software firms, hotels, and critical infrastructure and services-related entities.

Moreover, the accused damaged property worth millions of euros. The stolen data includes names, addresses, dates of birth, phone numbers, credit card numbers, passwords, bank account details, license plate numbers, passport data, and citizen identification numbers. The victims paid large sums to the hackers, sometimes as much as €700,000. 


The investigation was launched in March 2021 by the Amsterdam Police Cybercrime Division after receiving a report from a prominent Dutch firm. The firm reported that its computer systems had been hacked and a trove of data had been stolen.

Dutch police noted that private and sensitive data had been stolen, and national and international businesses had become victims of hacking and data theft.

One of the victim organizations is Ticketcounter, which sells amusement park and zoo tickets online. Troy Hunt of HaveIbeenPwned also tweeted about the Ticketcounter data breach on March 1st, 2021.

I’ve spent a bunch of time talking to Ticketcounter over the last week, and this is a really tough situation for them. The exposed database was human error; one bad mistake made in August last year that’s now come back to bite them nearly 7 months on.

— Troy Hunt (@troyhunt) March 1, 2021

Other victims include a reputed educational institution and a meal-delivery service. Further probing revealed that the hackers had invaded the computer systems of their targets and sent a threatening email, asking the victims to pay a ransom in Bitcoin; otherwise, they would destroy the company’s digital infrastructure or leak the data online. Many victims paid the ransom.

“According to what we know so far, the demand ranges from more than €100,000 to €700,000 and, in addition, the stolen information has often already been sold online,” investigators revealed.

Dutch Police Tackle Cybercrime

Although cybercrime in the Netherlands, like any other country, has increased in recent years, Dutch authorities are known for playing a major role in tackling it locally and globally. In fact, Dutch police were behind the shutdown and seizure of the infamous and one of the largest dark web marketplaces Hansa.

Back in April 2020, Dutch authorities took down 15 DDoS-for-hire services. It took them merely one week to complete the operation. Most recently, in October 2022, Dutch police were even able to successfully trick the Deadbolt ransomware gang into sharing decryption keys.

Related Posts