Romanian hackers arrested in worldwide ransomware investigation

Five Romanian nationals have been arrested in connection with the CTB-Locker and Cerber file-encrypting ransomware. Two more people were arrested in Romania's capital, Bucharest, in connection with a U.S. investigation into Cerber ransomware.

In an operation code-named "Bakovia" - named after the Romanian poet George Bakovia - Romanian police searched six houses and seized the group's computer hardware, including hard drives, external storage devices, cryptocurrency mining devices, hundreds of SIM cards and numerous documents. The criminals designed their spam messages to look as if they came from well-known companies based in countries such as the Netherlands, the UK and Italy. The intention of the spam messages was to infect computer systems and encrypt their data with the CTB-Locker ransomware, aka Critroni. The European police agency has identified over 170 victims in its jurisdiction.

The joint investigation was called "Bakovia", and it was carried out by the Romanian Police (Service for Combating Cybercrime), the Romanian and Dutch public prosecutors' offices, the Dutch National Police (NHTCU), the UK's National Crime Agency and the US FBI, with the support of Europol's European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT). "Each email had an attachment, often in the form of an archived invoice, which contained a malicious file." Since the ransomware employs asymmetric (RSA) encryption to lock the data, it is nearly impossible to decrypt the files without the individual key. The United States Secret Service launched an investigation into this ransomware, and when it was revealed that the suspects belonged to the same group of Romanians that spread the CTB-Locker ransomware in Europe, the authorities in the various affected countries decided on closer coordination of their separate investigations, according to the Dutch police. "Emails in Dutch seemed to originate from one of the largest telco providers", Christiaan Beek, lead scientist and principal engineer in McAfee's Office of the CTO, and Raj Samani, McAfee's chief scientist, write in a Wednesday blog post.

McAfee says CTB-Locker was one of the world's three most common ransomware families in 2015 before becoming top dog in 2016 after a coordinated law enforcement effort, Operation Tovar, disrupted the infrastructure responsible for spreading CryptoLocker.

Hackers can earn a cut of ransom profits by helping spread the malicious software through their own spam campaigns, an "affiliate" innovation the Federal Bureau of Investigation says CTB-Locker helped pioneer.


In both cases, the perpetrators were using a ransomware-as-a-service offering. It was first spotted in 2014 and targets Windows PCs.

If systems do become infected, the No More Ransom project maintains free decryptors for some types of ransomware (see Two New Ransomware Decryptors Give Victims a Free Out).

"The worldwide investigation continues into other spreaders and eventually the makers of the CTB-Locker ransomware", the police said.

Three of the arrested individuals will be prosecuted in Romania, according to the Federal Bureau of Investigation.
