Spanish Police Dismantles “Largest And Most Complex” Ransomware Ring

Eastern Bloc hackers wreaked chaos in Europe

Spanish authorities, in cooperation with Europol, have arrested eleven people suspected of running “the largest and most complex” cybercrime network dedicated to ransomware.

Ransomware is an especially intrusive form of malware that pretends to originate from various law enforcement agencies (including FBI) and locks access to a computer, accusing the user of visiting illegal websites or violating copyright. It then demands a payment in order for the (nonexistent)  charges to be dropped.

According to the European Cybercrime Centre (EC3), part of Europol that coordinates cross-border law enforcement activities against cybercrime, the ransomware netted its creators profits in excess of €1 million (£862,000) per year.

Operation Ransom

This particular piece of malicious software, dubbed the “Police Virus” by the Spanish, demanded a ‘fine’ of €100, keeping the user’s computer hostage until the funds reached the hackers. At the same time, it also looked through user’s files in search of personal information.

A typical ransomware page
A typical ransomware page

Since the virus was detected in May 2011, there have been more than 1200 reported cases in Spain alone. The Spanish Ministry of the Interior admitted that this malware could have affected “millions” of computers in at least 22 countries.

To combat the threat, Spanish authorities launched an international operation codenamed “Ransom”, led by the Technological Investigation Brigade of the Spanish National Police force and coordinated by Europol and Interpol, with additional support from Eurojust, the attachés of the Ministry of Interior of the Spanish Embassy in Moscow and the Spanish Embassy in the UAE.

The first to be arrested was a 27-year-old Russian national, responsible for the creation, development and distribution of the various versions of “Police Virus”. He was apprehended in the United Arab Emirates while on holiday, and is awaiting extradition to Spain.

Several days later, ten more members of the money laundering network were arrested in Costa Del Sol, including six Russians, two Ukrainians and two Georgians.

As part of the operation, police searched six offices, seizin IT equipment and credit cards which were used to cash out the ‘ransom’. According to EC3, money was laundered using various online gaming portals, electronic payment gateways, virtual currency and compromised credit cards.

It was then discovered that daily international money transfers were made through currency exchanges and call centres, ensuring that the funds arrived at their final destination in Russia.

The investigation is ongoing, and the Spanish authorities have said that “further arrests are not ruled out”.

How well do you know Internet security? Try our quiz and find out!