Europol has confirmed the arrest of a Romanian national for targeting an IT firm in the country.
U.S. and European law enforcement authorities collaborated to arrest a suspected ransomware affiliate for targeting Romanian firms through an IT supply chain attack. The operation was led by Europol's European Cybercrime Centre (EC3), with the Romanian National Police and the U.S. Federal Bureau of Investigation (FBI) taking part in the investigation.
EC3 said it supported the joint investigation team (JIT) with cryptocurrency tracing, analytical, forensic, and malware analysis capabilities, and deployed two experts to Romania who helped the authorities seize cryptocurrency assets and carry out forensic analysis.
Third Romanian National To be Arrested
According to Europol's press release, the arrested suspect targeted a high-profile IT firm in Romania that provides IT services to corporations in the retail, utility, and energy sectors. He is reportedly the third Romanian arrested in recent weeks for acting as a ransomware affiliate.
According to Europol, the EU's law enforcement agency, the suspect compromised several organizations and stole large amounts of sensitive data. The arrest was carried out by the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT) following a joint investigation with the FBI.
A month earlier, Romanian police arrested two REvil ransomware affiliates suspected of carrying out around 5,000 ransomware attacks and extorting $600,000 from victims. It is not yet clear which ransomware gang the third suspect worked for.
About the Suspect
The 41-year-old suspect was arrested yesterday morning at his residence in Craiova, Romania. According to Europol, he deployed crypto-ransomware and stole sensitive data, including personal information on company employees and customers, financial data, and other files, from IT firms located in Romania and abroad.
The detainee used double extortion tactics, threatening to publish the stolen data on a leak forum if victims refused to pay the ransom. Authorities did not say whether the suspect extorted all of the victims or only the IT firm he targeted.
“The information stolen included the companies’ financial information, personal information about employees, customers’ details, and other important documents. The suspect would then ask for a sizeable ransom payment in cryptocurrency, threatening to leak the stolen data on cybercrime forums should his demands not be met,” Europol’s official statement read.