Security Market Segment LS
Thursday, 21 December 2017 11:12

Romanians arrested for spreading Windows ransomware


Five Romanians suspected of spreading the CTB-Locker Windows ransomware throughout Europe and the US have been arrested in Bucharest.

A statement from Europol said six houses in Romania were searched as a result of a joint investigation carried out by the Romanian Police (Service for Combating Cyber Crime), the Romanian and Dutch public prosecutor’s office, the Dutch National Police, the UK’s National Crime Agency, the US FBI with the support of Europol’s European Cyber Crime Centre and the Joint Cyber Crime Action Taskforce.

Investigators seized hard drives, laptops, external storage devices, digital currency mining devices and numerous documents. The group is accused of unauthorised computer access, serious hindering of a computer system, misuse of devices with the intent of committing cyber crimes and blackmail.

Romanian authorities received information about the group's operations in early 2017 from the Dutch High Tech Crime Unit. The group was said to be sending spam which was masqyerading as messages from well-known companies in Italy, the Netherlands and the UK.

Help was sought from the American security firm McAfee in identifying malware samples and answering other queries.

Each email had an attachment in the form of an acrhived invoice that contained the CTB-Locker ransomware.

First detected in 2014,CTB-Locker was one of the first ransomware variants to use Tor to hide its command and control infrastructure.

It targets Windows XP, Vista, 7 and 8. Once infected, all documents, photos, music, and videos are encrypted asymmetrically, which makes it very difficult to decrypt the files without the private key which is in possession of the attackers.

Europol said that more than 170 victims had been identified and their complaints would help in prosecuting the suspects.

Two men from the group are accused of spreading the Cerber ransomware to a large number of Windows PCs in the US.

The group was not creating its own malware, but rather renting it and paying about 30% of whatever it earned as rent.

McAfee chief scientist Raj Samani and lead scientist and principal engineer Christiaan Beek said: “Today, a clear message has been sent — involvement in cyber crime is not zero risk.

"The law enforcement action emphasises the value of public-private partnerships and underscores the determination behind the McAfee mantra 'Together is power'."


You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer


QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments