Spanish Cops Smash “Ransomware” Cybercrime Ring


Police in Spain say that they’ve smashed a cybercrime ring that infected millions of computers with ransomware, using the virus to extort potentially millions of dollars from their unsuspecting victims, it was reported today.

According to European Cybercrime Centre, which led the investigation, the suspected hackers would install ransomware onto their victim’s computers, using it to lock their hard drives before posing as police agencies and demanding payment of a fine to unlock their computers.

The lead suspect in the case has been described by Spain’s Ministry of the Interior as a “27-year-old citizen of Russian origin who was arrested in December in the United Arab Emirates”. The suspect is now said to be awaiting extradition to Spain. Yesterday’s operation saw the arrest of an additional ten suspects, including six more Russians, two Ukrainians and two Georgians that are linked to the ring’s “financial cell”, according to officials.

Ransomware is known to be a particularly effective method for hackers to obtain money from their victims due to its terrifying nature. Once installed onto a machine, the malware effectively locks down the infected computer, posting an official-looking notice that says “illegal activity” has been detected. The message then demands that victims pay a fine (€100) in order to regain control of their computers. European Cybercrime Centre officials added that in this case, the hackers also stole personal data from their victims.

Rob Wainwright, Director of Europol, told the New York Times that the operation was a notable first for European authorities:

“This is the first major success of its kind against a very new phenomenon that we have only identified in the last two years. This is a mass marketing scam to distribute this thousands of times and rely on the fact that even if only 2 percent fall victim to the scam, it is still a very good pickup rate.”

Police did not give an estimate of how much money the gang is believed to have stolen, but according to Francisco Martínez, Spain’s secretary of state for security, it’s likely that they recouped more than $1 million from Spanish victims alone, even though only 3% of the gang’s victims ended up paying the fines.

The ransomware first came to the attention of Spanish officials in May 2011, and since that time they have received more than 1,200 complaints from internet users in that country. The Spanish police’s Technological Investigation Brigade added that the malware was detected in at least 22 other countries.

Yesterday’s raids saw police six search different properties in the southern coastal province of Malaga, during which officers confiscated an assortment of IT equipment, as well as credit cards which the hackers used to ‘cash out’ their ill-gotten gains. More than 200 credit cards were found in total, which has been used to withdraw around $35,000 in the weeks before the arrests. As well as using credit cards, the gang employed numerous creative methods to launder and cash out the money they stole, exploiting a variety of electronic payment gateways, online gaming portals and virtual coin systems.

The New York Times quotes Spanish police as saying that six of the ten arrested individuals have been charged with “money laundering, fraud and involvement in a criminal enterprise,” while the others are currently under investigation.