Cyber-gang extorted millions by posing as cops, copyright holders

Get short URL

Published time: February 14, 2013 10:18
Edited time: February 14, 2013 14:18

Tags

Crime, Europe, Hacking, Internet

European police have busted a cybercriminal ring that extorted millions of euros with a computer virus that locked machines up and demanded a ransom. They also posed as police, accusing victims of viewing child pornography and infringing copyrights.

Eleven suspects were detained in an operation by Europol and Spanish police, police reported on Wednesday. A 27-year-old Russian who allegedly created and distributed the virus was detained in the United Arab Emirates in December, while on vacation. Ten others were detained in Spain last week, including Russians, Ukrainians and Georgians, Spanish police said.

"This is the first major success of its kind against a very new phenomenon that we have only identified in the last two years," Europol Director Rob Wainwright said at a news conference at the Spanish Interior Ministry in Madrid.

The cyber-gang used so-called ‘ransomware,’ a type of malware that locks down an infected computer until a ransom is paid. This particular operation targeted users with false accusations from national and international police forces, and occasionally organizations defending copyright holders. A message would demand payment of a fine of 100 euro ($134) over alleged wrongdoings, including searching for child pornography, visiting terrorist websites and illegal file-sharing.

"It used the idiom and logo of each specific police service," Wainwright said. "Even Europol and my own name have been used to defraud citizens."

Cybersecurity expert have found at least 48 variations of the malware, the oldest dating back to 2005, which used different logos and accusations. They also believe the gang had specifically targeted users who may have been involved in illegal online activities, making their ransom claims more plausible.

Police believe that about 3 percent of those targeted actually paid the ransom – enough to make the criminal operation quite lucrative, netting them millions annually. In Spain alone, they are believed to have collected more than 1 million euros ($1.3 million), according to Spanish police.

The gang operated in six countries when police first detected their activities two years ago. As the investigation proceeded, they expanded to as many as 30 nations, mostly in Europe.

Spanish police seized hardware and more than 200 credit cards in the raid. They said the suspects also had 26,000 euros ($35,000) in cash with them.

Of the 10 suspects detained, six have been charged with laundering, fraud and involvement in a criminal organization; the four others remain under investigation. The police offered no detail on the prosecution of the alleged author of the malware, who is also believed to be the gang’s leader.

Comments (7)

skyy (unregistered) 15.02.2013 03:38

Rune Traveller (unregistered) wrote in #5 they infected a friends computer, now how do you get rid of this? My computer got locked a few weeks ago. I didn't feel like formatting and reloading...I was being lazy. I created a new account and made it an administrater account. Then I deleted original account that had the computer locked. Worked like a charm and it saved me from a lot of work or playing around in safe mode with the bios.

Undo

alephfool (unregistered) 15.02.2013 01:01

Ukash is the common name of this trogan. It's been around since last year,you open an item and your computer is frozen. Disconnect the internet and clean with a Malware a detector. Malwarebytes or Supper Anti Spyware are both free to down load.If the freeze is so tight you can't do anything you will need to go to the bios and use safe mode if you are using windows.Look at Filehippo or Piriform Sites for download.

Undo

Rune Traveller (unregistered) 14.02.2013 22:38

they infected a friends computer, now how do you get rid of this?

Undo

View all comments (7)