Europol releases dramatic video of Romanians arrested for spreading CTB Locker and Cerber ransomware

Filip TRUȚĂ

December 21, 2017

As part of an extensive law enforcement operation called “Bakovia,” Romanian authorities on Wednesday arrested five individuals suspected of infecting tens of thousands of computers across Europe and the United States. The suspects allegedly used the infamous Ransomware-as-a-Service model, leveraging two of the most criminally profitable ransomware strains – CTB Locker and Cerber.

Europol released a dramatic video of one of six raids in Romania as a result of a joint investigation by Romanian Police, Dutch National Police, the UK’s National Crime Agency and the FBI.

The video shows investigators seizing hard drives, laptops, external storage devices, cryptocurrency mining devices and hundreds of SIM cards, as well as numerous documents incriminating the suspects.

“The criminal group is being prosecuted for unauthorised computer access, serious hindering of a computer system, misuse of devices with the intent of committing cybercrimes and blackmail,” Europol said.

Operation “Bakovia” reportedly started early this year, when Romanian authorities received detailed information from the Dutch High Tech Crime Unit and other authorities that a group of Romanian nationals was involved in sending spam messages with the purpose of infecting victims’ computers with ransomware.

In a typical infection vector for ransomware attacks, the spam emails were crafted to look like they were sent from well-known companies that victims might be doing business with, such as their power utility company. The emails were sent across Italy, the Netherlands, the UK and the US.

“The intention of the spam messages was to infect computer systems and encrypt their data with the CTB-Locker ransomware aka Critroni,” Europol said. “Each email had an attachment, often in the form of an archived invoice, which contained a malicious file. Once this attachment was opened on a Windows system, the malware encrypted files on the infected device.”

CTB-Locker notably uses the Tor anonymity service to hide its command and control (C&C) center and targets almost all versions of Microsoft’s Windows operating system. It encrypts all data on the infected computer and demands a ransom (in the form of cryptocurrency) in exchange for decrypting the data.

More than 170 victims filed complaints, which Europol says “provided evidence that will help with the prosecution of the suspects.”

The CTB-Locker investigation was separate from the Cerber investigation, but the two were soon combined when investigators found the same Romanian group was behind both attacks. A new investigation into the Cerber ransomware infections targeting the United States is now underway at the United States Secret Service. As part of this investigation, two suspects were arrested this week in Bucharest while trying to flee Romania.

Bitdefender recommends that ransomware victims refrain from paying ransom money in exchange for having their data decrypted, as cybercriminals rarely (if ever) decrypt it. Never open email attachments from sources you do not fully trust. Finally, running a trusted antivirus solution offers the best defense against ransomware.
