This article is more than 1 year old

Euro ransomware probe: Five Romanians cuffed

Alleged extortionists wielded CTB-Locker aka Critroni and Cerber file-scrambling nasties

Five people suspected of infecting Windows PCs with ransomware – and extorting money from more than 170 victims in Europe and the US – have been arrested.

In the past week, an international crimefighting task force led by Europol collared the quintet in Romania – and searched six homes, seizing a load of computer parts and cryptocurrency mining equipment as part of a criminal investigation dubbed Operation Bakovia.

Below is Europol's video of the raids:

Youtube Video

Three of the nabbed suspects allegedly used spam emails to infect victims' computers with the file-scrambling ransomware CTB-Locker aka Critroni. The software nasty demanded money to restored encrypted files, and was orchestrated by its masters via the Tor anonymizing network.

The other two peeps, arrested in the Romanian capital of Bucharest, are accused of using the Cerber ransomware to extort people in the US.

All five are understood to be part of the same gang, and will be charged with unauthorized computer access, the serious hindering of a computer system, misuse of devices with the intent of committing cyber-crimes, and blackmail.

Europol officials said this was another example of crime-as-a-service at play: the suspects allegedly bought the ransomware from another source and agreed to share 30 per cent of any ill-gotten gains.

The agency also insisted that ransomware attacks are "relatively easy to prevent if you maintain proper digital hygiene." For instance, keep offline backups of your files, do not open suspicious email attachments, and keep systems fully patched and up to date.

If infected, netizens should not pay the ransom, as there is no guarantee the extortionists will decrypt the scrambled files, and the money will fund further criminal activity. ®

More about

More about

More about


Send us news

Other stories you might like