Ransomware Affiliate Arrested for Selling Stolen Data of 300 Million People

The Romanian National Police (Poliția Română) and the US Federal Bureau of Investigation (FBI) have recently arrested a ransomware affiliate with the help of Europol’s European Cybercrime Centre (EC3) for selling stolen data of 300 million people. 

Here the hacker has stolen this sensitive data from high-profile organizations and companies around the globe, including a large Romanian IT company by compromising their networks.

A partner of the extortionist group who is suspected of hacking into networks and stealing sensitive data has been arrested by Romanian law enforcement.

The suspect is a 41-year-old Romanian citizen, and he was arrested by law enforcement officials at his home in Craiova, Romania. The officials have claimed that the suspect was charged for:-

• Art. 361 (Unauthorized interference in the operation of computers, automated systems, computer networks, or telecommunications networks)
• Art. 361-2 (Unauthorized sale or dissemination of information with limited access stored in computers, automated systems, computer networks, or on media of such information)
• Art. 362 (Unauthorized actions with information processing in computers, automated systems, committed by a person who has the right to access it)
• Art. 182 (Violation of privacy)

Ransomware with blackmail

The network of a large Romanian IT company was targeted and hacked by the hacker since they deliver several IT services to the clients from several sectors like:-

• Retail
• Energy
• Utility

Here the hacker stole sensitive data from the clients of the IT company and then deployed ransomware on the compromised network of the company.

The hacker has stolen the following data from the compromised network of the company:-

• Companies’ financial information
• Personal information about employees
• Customers’ details
• Other important documents

After settling all these data, the hacker encrypts all the data present on the systems of the compromised network and then demands a sizeable ransom payment in cryptocurrency.

Apart from this, on hacking forums for selling stolen personal data of users around the globe, Ukrainian law enforcement arrested 51 suspects during their infiltration operation that is dubbed as “DATA.”

The Head of the Department for Combating Crimes in the Field of Computer Systems stated:-

“The cost of databases ranged from 500 to 50 thousand hryvnias – depending on its content and commercial value. The attackers sold information on closed hacking forums, as well as on social networks and messengers. A total of 117 searches were conducted in different regions of Ukraine. As a result, more than 90,000 gigabytes of information were removed.”

Support of Europol

The EC3 of Europol have supported the whole operation and investigation by providing the following things:-

• Analytical support
• Cryptocurrency tracing
• Malware analysis
• Forensic support
• For advance forensic support and to help with crypto-asset forfeiture deployed two of its experts to Romania.

During this investigation, more than 30 channels of illegal dissemination of information were blocked. However, currently, it is not yet known which group of ransomware the suspect was working with.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.