The leaders behind a cyber black market that sold access to 21,000 compromised servers are under arrest, said officials at Europol.
Two Ukrainians, whose names were not immediately available, ended up busted in Madrid as a part of a joint operation with the Spanish National Police, said officials at the European Cybercrime Centre (EC3).
Operation Ransom II – the second of this kind after one in Málaga (Spain) in February 2013 – was the culmination of an extensive investigation of over a year, corroborating the fact that police ransomware is still a big threat to EU citizens, according to a report on the EC3 website.
“On 9 July, Spanish National Police arrested the two (suspects) and searched their house,” the report said.
Authorities seized different items during the raid, including $67,613 (€50,000) in cash, as the group apparently had huge profits from various enterprises, Europol said.
“Their sophisticated money laundering facility was processing around $13,521 (€10,000) daily through various electronic payment systems and virtual currencies,” Europol said.
The suspects, Europol said, compromised 21,000 company servers and had successfully sold access to them to more than 450 criminal groups. “The 21,000 compromised servers of companies located in 80 countries (1,500 of them in Spain) had a common feature whereby access settings were via a remote desktop (RDP),” the report said.
“With this set-up, the cyber criminal could access all information contained on the servers, using full administrator privileges for the system, i.e. absolute control. The criminals ran an online shop where the compromised machines were ‘sold’ to 450 of their cyber criminal ‘customers’ who were able to choose the location (country) of their preferred servers,” according to the report.
Europol said the takedown was only possible thanks to cross-department and agency cooperation and data sharing. “This Spanish National Police investigation was supported from the early stages by Europol specialists, who organized and hosted a coordination meeting in April 2013,” the report said.