Spanish police nab ransomware boss

Alleged mastermind behind 'Police Trojan' caught with the help of Trend Micro

The Spanish national police service has made an arrest in relation to a ransomware that accuses PC users of having visited child pornography or illegal file sharing sites.

The suspect, a 27-year-old Russian living in Spain, is alleged to be the head of a criminal gang extorting money from PC users across the world. He was picked up in Dubai on an international arrest warrant and, according to Spainish police, is in the process of being extradited back to Spain.

The malware he is accused of producing is a strain of the Reveton virus, which is part of a family known as Police Trojan' attacks. This type of Trojan locks the victim's computer and poses as their local police force, demanding the payment of a 100 (85.97) fine' to unlock it again.

It has many similarities with another Trojan reported by the German Federal Police, which went as far as to display images of child abuse in order to extract payment.

His arrest follows the detention of 10 others who it is alleged form part of a money laundering ring based in the Costa del Sol, who took care of the money gained through this type of extortion.

"We received over 1,200 complaints [about the malware], although the number of people affected is certainly higher," said the Spanish police service in a statement.

"The investigation carried out by the National Police Service Technology Investigation Unit was carried out at an international level and has affected more than 22 countries, which made collaboration with Europol and Interpol especially important in order to coordinate working groups in the affected countries," it added.

As well as Interpol and Europol, the Spanish police worked closely with cyber security specialists Trend Micro to catch the alleged gang members.

Rik Ferguson, global vice president of security research at Trend Micro, said: "Trend Micro and Spanish law enforcement agencies have collaborated extremely closely; sharing intelligence, sharing samples and related technical detail.

"As a direct result of activities carried out by Trend Micro threat research, they were able to map the criminal network infrastructure including traffic redirection and command and control servers."

Ferguson added that this type of coordinated activity, which leads directly to the arrest of cyber criminals, "should serve as a model for how the security industry and law enforcement can effectively cooperate in the fight against online crime".

Featured Resources

Security analytics for your multi-cloud deployments

IBM Security QRadar SIEM solution brief

Download now

Five reasons to move to the cloud

Join the enterprises moving their workloads to the cloud

Download now

Architecting hybrid IT and edge for digital advantage

Why business leaders should consider a hybrid IT strategy

Download now

Six reasons to accelerate remote asset monitoring with AI

How to optimise resources, increase productivity, and grow profit margins with AI

Download now

Recommended

Lazarus APT hacking group is targeting the defense industry
Security

Lazarus APT hacking group is targeting the defense industry

26 Feb 2021
Microsoft open sources CodeQL queries used in Solorigate inquiry
Security

Microsoft open sources CodeQL queries used in Solorigate inquiry

26 Feb 2021
CISA warns of ongoing Accellion File Transfer Appliance attacks
hacking

CISA warns of ongoing Accellion File Transfer Appliance attacks

25 Feb 2021
What is a Trojan?
Security

What is a Trojan?

25 Feb 2021

Most Popular

How to build a CMS with React and Google Sheets
content management system (CMS)

How to build a CMS with React and Google Sheets

24 Feb 2021
Npower shuts down app after hackers steal user data
hacking

Npower shuts down app after hackers steal user data

25 Feb 2021
New monitors for an agile new normal
Sponsored

New monitors for an agile new normal

19 Feb 2021