Spanish police nab ransomware boss

News 14 Feb, 2013

Alleged mastermind behind 'Police Trojan' caught with the help of Trend Micro

The Spanish national police service has made an arrest in relation to a ransomware that accuses PC users of having visited child pornography or illegal file sharing sites.

The suspect, a 27-year-old Russian living in Spain, is alleged to be the head of a criminal gang extorting money from PC users across the world. He was picked up in Dubai on an international arrest warrant and, according to Spainish police, is in the process of being extradited back to Spain.

The malware he is accused of producing is a strain of the Reveton virus, which is part of a family known as ‘Police Trojan’ attacks. This type of Trojan locks the victim’s computer and poses as their local police force, demanding the payment of a €100 (£85.97) ‘fine’ to unlock it again.

It has many similarities with another Trojan reported by the German Federal Police, which went as far as to display images of child abuse in order to extract payment.

His arrest follows the detention of 10 others who it is alleged form part of a money laundering ring based in the Costa del Sol, who took care of the money gained through this type of extortion.

“We received over 1,200 complaints [about the malware], although the number of people affected is certainly higher,” said the Spanish police service in a statement.

“The investigation carried out by the National Police Service Technology Investigation Unit was carried out at an international level and has affected more than 22 countries, which made collaboration with Europol and Interpol especially important in order to coordinate working groups in the affected countries,” it added.

As well as Interpol and Europol, the Spanish police worked closely with cyber security specialists Trend Micro to catch the alleged gang members.

Rik Ferguson, global vice president of security research at Trend Micro, said: “Trend Micro and Spanish law enforcement agencies have collaborated extremely closely; sharing intelligence, sharing samples and related technical detail.

“As a direct result of activities carried out by Trend Micro threat research, they were able to map the criminal network infrastructure including traffic redirection and command and control servers.”

Ferguson added that this type of coordinated activity, which leads directly to the arrest of cyber criminals, “should serve as a model for how the security industry and law enforcement can effectively cooperate in the fight against online crime”.

Read more about: