'Ethical hacker' among ransomware suspects cuffed by Dutch cops

Beware the Dark Side


Dutch police have arrested three men for their alleged involvement with a ransomware gang that stole sensitive data and extorted hundreds of thousands of euros from thousands of companies.

The trio are a 21-year-old man from Zandvoort, whom police identified as the "prime suspect," a 21-year-old man from Rotterdam, and an 18-year-old man without a permanent residence. The ringleader is said to have made over €2.5 million ($2.65 million, £2.21 million) over the course of his career.

One of the three reportedly works as an "ethical hacker" for Dutch security organization DIVD, or Dutch Institute for Vulnerability Disclosure. DIVD is an association of security researchers that receives government funding, and according to local news reports, lawmakers are considering giving the group a larger role, and more money, to bolster the nation's security defenses.

According to the Amsterdam police cybercrime team, the investigation began in March 2021 after a large Dutch company reported a case of data theft accompanied by a ransom demand.

"During the course of the investigation it has become clear that probably thousands of small and large companies and institutions, both national and international, have fallen victim to computer intrusion (hacking) in recent years and subsequently theft and handling of data," the cops said. "Tens of millions of privacy-sensitive personal data have fallen into the hands of criminals as a result of this theft and trade."

At the time of capture the criminals were typically demanding more than €100,000 in Bitcoin per victim, with the largest extortion demand disclosed exceeding €700,000. In many cases the crooks still sold the stolen data on dark-web marketplaces, even after the victim organizations paid the ransom, the Dutch police added.

Stolen data includes people's names, addresses, telephone numbers, dates of birth, bank account numbers, credit cards, passwords, license plates, citizen identification information, and passport data.

One of the men arrested had access to all kinds of sensitive information because he worked on confidential cybercrime investigations as a DIVD researcher, according to Dutch public broadcasting company NOS.

"You don't just get access to information at DIVD, so he played it very cleverly," the anonymous source told NOS. "You only get access to information if you really cooperate with an investigation."

A DIVD spokesperson told the broadcaster that the organization had "no indications" the suspect had abused his access to personal data. "We are just as shocked as everyone else," a DIVD spokesperson said.

The three ransomware-related arrests come about a month after Dutch police collared a man suspected of stealing personal data belonging to tens of millions of people worldwide and selling that info on cybercrime forums.

The 25-year-old now faces charges of violating data privacy and computer trespassing laws, and laundering cryptocurrency valued at around $491,000. ®
