Cyber-gang extorted millions by posing as cops, copyright holders

14 Feb, 2013 10:18 / Updated 12 years ago

European police have busted a cybercriminal ring that extorted millions of euros with a computer virus that locked machines up and demanded a ransom. They also posed as police, accusing victims of viewing child pornography and infringing copyrights.

Eleven suspects were detained in an operation by Europol and Spanish police, police reported on Wednesday. A 27-year-old Russian who allegedly created and distributed the virus was detained in the United Arab Emirates in December, while on vacation. Ten others were detained in Spain last week, including Russians, Ukrainians and Georgians, Spanish police said."This is the first major success of its kind against a very new phenomenon that we have only identified in the last two years," Europol Director Rob Wainwright said at a news conference at the Spanish Interior Ministry in Madrid.

The cyber-gang used so-called ‘ransomware,’ a type of malware that locks down an infected computer until a ransom is paid. This particular operation targeted users with false accusations from national and international police forces, and occasionally organizations defending copyright holders. A message would demand payment of a fine of 100 euro ($134) over alleged wrongdoings, including searching for child pornography, visiting terrorist websites and illegal file-sharing."It used the idiom and logo of each specific police service," Wainwright said. "Even Europol and my own name have been used to defraud citizens."

Cybersecurity expert have found at least 48 variations of the malware, the oldest dating back to 2005, which used different logos and accusations. They also believe the gang had specifically targeted users who may have been involved in illegal online activities, making their ransom claims more plausible.

Police believe that about 3 percent of those targeted actually paid the ransom – enough to make the criminal operation quite lucrative, netting them millions annually. In Spain alone, they are believed to have collected more than 1 million euros ($1.3 million), according to Spanish police.

The gang operated in six countries when police first detected their activities two years ago. As the investigation proceeded, they expanded to as many as 30 nations, mostly in Europe.

Spanish police seized hardware and more than 200 credit cards in the raid. They said the suspects also had 26,000 euros ($35,000) in cash with them.

Of the 10 suspects detained, six have been charged with laundering, fraud and involvement in a criminal organization; the four others remain under investigation. The police offered no detail on the prosecution of the alleged author of the malware, who is also believed to be the gang’s leader.