
Europol releases dramatic video of Romanians arrested for spreading CTB Locker and Cerber ransomware
21 December, 2017

As part of an extensive law enforcement operation called “Bakovia,” Romanian authorities on Wednesday arrested five individuals suspected of infecting tens of thousands of computers across Europe and the United States using the infamous Ransomware-as-a-Service model leveraging two of the most criminally profitable ransomware strains – CTB Locker and Cerber.

Europol released a dramatic video of one of six raids conducted in Romania as a result of a joint investigation by Romanian Police, Dutch National Police, the UK’s National Crime Agency and the FBI.

The video shows investigators seizing hard drives, laptops, external storage devices, cryptocurrency mining devices and hundreds of SIM cards, as well as numerous documents incriminating the suspects.


“The criminal group is being prosecuted for unauthorised computer access, serious hindering of a computer system, misuse of devices with the intent of committing cybercrimes and blackmail,” Europol said.

Operation “Bakovia” reportedly started early this year, when Romanian authorities received detailed information from the Dutch High Tech Crime Unit and other authorities that a group of Romanian nationals was involved in sending spam messages with the purpose of infecting victims’ computers with ransomware.

In a typical infection vector for ransomware attacks, the spam emails were crafted to look like they were sent from well-known companies that victims might be doing business with, such as their power utility company. The emails were sent across Italy, the Netherlands, the UK and the US.

“The intention of the spam messages was to infect computer systems and encrypt their data with the CTB-Locker ransomware aka Critroni,” Europol said. “Each email had an attachment, often in the form of an archived invoice, which contained a malicious file. Once this attachment was opened on a Windows system, the malware encrypted files on the infected device.”

CTB-Locker notably uses the Tor anonymity service

