Dutch police have released a statement saying that they have arrested three men for their alleged involvement with a ransomware gang that stole sensitive data and extorted hundreds of thousands of euros from thousands of companies.


The three arrested are:

  • A 21-year-old man from Zandvoort, whom police identified as the “prime suspect” and who is said to have made over €2.5 million ($2.65 million, £2.21 million) over the course of his career.
  • A 21-year-old man from Rotterdam
  • An 18-year-old man without a permanent residence

According to the Amsterdam police cybercrime team, the investigation began in March 2021 after a large Dutch company reported a case of data theft that was accompanied by a ransom demand.

“During the course of the investigation it has become clear that probably thousands of small and large companies and institutions, both national and international, have fallen victim to computer intrusion (hacking) in recent years and subsequently theft and handling of data,”

politie.nl

One of the three men arrested reportedly works as an “ethical hacker” for a Dutch cyber security company, and as a volunteer for Dutch security organization DIVD (The Dutch Institute for Vulnerability Disclosure).

DIVD is an association of security researchers that receives government funding to bolster the nation’s security defenses.


The investigation by the criminal investigation department provided insight into the hackers’ working method, which is typical of such ransomware gangs.

After illegally accessing the data on the systems of the affected companies, the hackers sent threatening messages by email stating that the company must pay a ransom in bitcoins. If a company did not pay, they threatened to destroy the company’s digital infrastructure or to make the data public.

Many companies felt compelled to pay in hopes of protecting their data, and as far as is known, the ransom demand per company rose to more than 100,000 euros, with a peak of more than 700,000 euros.

In many cases, the stolen data was still sold online, even though the affected companies had paid the ransom demand.

Stolen data includes people’s names, addresses, telephone numbers, dates of birth, bank account numbers, credit cards, passwords, license plates, citizen identification information, and passport data.