Europol, the European Union’s premier law enforcement agency, has announced the arrest of a third Romanian national for his role as a ransomware affiliate suspected of hacking high-profile organizations and companies and stealing large volumes of sensitive data.
The 41-year-old unnamed individual was apprehended Monday morning at his home in Craiova, Romania, by the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT) following a joint investigation in collaboration with the U.S. Federal Bureau of Investigation (FBI).
It’s not currently known which ransomware gang the suspect was working with, but the development comes a little over a month after Romanian authorities arrested two affiliates of the REvil ransomware family, who are believed to have orchestrated no fewer than 5,000 ransomware attacks and extorted close to $600,000 from victims.
Affiliates play a key role in the subscription-based ransomware-as-a-service (RaaS) business model, and are chiefly responsible for renting the toolset and the backend infrastructure from the core developers and launching their own attacks against a list of potential targets.
These actors are often recruited by the ransomware operators on underground forums, where their warez are advertised to Russian-speaking users or English speakers with a Russian-speaking guarantor, but only after vetting their technical skills. The affiliates also earn a large share of each successful ransom payment, ranging anywhere between 65% and 90%, making it an increasingly successful and profitable enterprise for cybercriminals.
According to Europol, the suspect is said to have targeted a large Romanian IT company delivering services to clients in the retail, energy and utilities sectors. Subsequently, the affiliate deployed ransomware and siphoned troves of data from the company’s customers located in the country and beyond, before proceeding to encrypt the files.
“The information stolen included the companies’ financial information, personal information about employees, customers’ details and other important documents,” Europol said in a statement. “The suspect would then ask for a sizeable ransom payment in cryptocurrency, threatening to leak the stolen data on cybercrime forums should his demands not be met.”