Three men have been arrested by Dutch police in connection with a ransomware attack that threatened thousands of businesses.
Men between the ages of 18 and 21 were said to have made millions of dollars, and ransoms were typically demanded of €100,000, sometimes reaching €700,000 or more.
A 21-year-old man from Zandvoort, whom police have dubbed the ‘prime suspect’, is said to have earned more than €2.5 million (US$2.65 million) over the course of his criminal career.
Tens of millions of identities are believed to have been stolen by malicious hackers in attacks against organizations large and small around the world.
The stolen confidential information not only included personal names, addresses and phone numbers, but also dates of birth, bank account numbers, credit cards, passwords, license plate details, civil service numbers and passport information, it said. It is
Such data can be misused by identity thieves and fraudsters to gather personal details and access accounts.
Even when the ransom is paid to the extortionists, the stolen data is said to be commercially sold to other cybercriminals via dark web marketplaces.
Surprise – I can’t believe criminals keep their promises.
Interestingly, one of those arrested by Dutch police was an active member of the Dutch Institute for Vulnerability Disclosure (DIVD), a government-backed group of ethical hackers who look for flaws in computer systems. It is reported that
The arrested researchers had access to sensitive information about vulnerable systems, which could have been exploited to aid ransomware attacks, according to media reports.
Dutch media reported that DIVD said in an internal Slack message that it “did not see any indications” that the man had abused his access rights.
“We immediately blocked him and denied him access to our systems. We are as shocked as everyone else…he was a great colleague.”
The collaboration with DIVD comes at an inopportune time as the authorities are considering additional funding to bolster the country’s cybersecurity defenses.
