Europol's European Cybercrime Centre has worked with the Romanian National Police and FBI on the arrest of a suspected ransomware affiliate who is alleged to have targeted high-profile organisations and companies for their sensitive data.
Europol said a 41-year-old Romanian man has been arrested in Craiova, Romania. It said the man is suspected of compromising the network of a large Romanian IT company that delivers services to clients in the retail, energy and utilities sectors.
The suspect is accused of targeting organisations in ransomware attacks, encrypting files and stealing sensitive data. He's suspected of demanding a "sizeable" ransom payment in cryptocurrency, and threatening to leak the stolen data if the victim didn't give in to the extortion attempt.
The attacker stole financial information about the company, personal information about employees, customer details and other sensitive details, and attempted to blackmail the victim into paying a ransom with a threat to publish the data. It wasn't revealed if this attempt at extortion was successful or not.
Europol supported the investigation by tracing cryptocurrency payments, providing malware analysis and forensic support, and deploying experts to Romania.
The arrest is the latest in a string of arrests by the Romanian authorities, which last month arrested two individuals suspected of involvement in Sodinokibi/REvil ransomware attacks.
A recent report by Europol warned that ransomware attacks are getting more sophisticated as cyber criminals look towards new tactics and techniques to maximise the chances of successfully receiving a ransom payment, something that regularly costs victims millions of dollars.
"Perpetrators continue to be increasingly ruthless and methodical in their modi operandi," said the report.