Date: 2021-11-08

Two men from southeastern Constanta were remanded in custody for 30 days, accused of joining two hacker groups, Sodinokibi/Revil and GandCrab, which launched ransomware attacks on entities all over the world: companies, municipalities, hospitals, law enforcement, emergency services, schools, colleges and universities, with the illicit gains estimated at billions of dollars.

On November 4, DIICOT (Directorate for Investigating Organized Crime and Terrorism) prosecutors carried out house searches in the Constanta Municipality area at the homes of people suspected of being involved in distributing the Sodinokibi/Revil and GandCrab ransomware. Several mobile devices were also seized (laptops, mobile phones and various storage devices).

Following the action, two people were apprehended and then remanded in custody for offences such as continued illegal access to IT systems, disrupting the operation of IT systems, blackmail and money laundering.

Investigations were carried out within a joint investigation team (JIT) formed of authorities from Germany, France and Romania, and teams of investigators from France and specialists from Europol took part in the house searches.

According to a press release from DIICOT, starting in 2018 the defendants joined several international organized crime groups, established online, which operated on the Ransomware as a Service (RaaS) model.

In parallel with the investigation in Romania, international cooperation activities were carried out within the GoldDust Operation, with the support of Europol, by an investigative group formed of 17 law enforcement agencies from all around the world.

As a result, five people involved in the GandCrab and Sodinokibi/Revil ransomware programs were arrested: three by the judicial authorities in South Korea, one by those in the United States of America and one by the judicial authorities in Kuwait.

The investigations in question were also carried out in cooperation with law enforcement authorities from several states: Australia, Belgium, Canada, France, Germany, the Netherlands, Luxembourg, Norway, the Philippines, Poland, Romania, South Korea, Sweden, Kuwait, the United Kingdom of Great Britain and the United States of America, as well as with the support of Europol and Interpol.

According to the Romanian Police, the Romanian company Bitdefender supported this investigation, offering key technical support throughout the entire investigation, alongside decryption tools for both of these extremely prolific ransomware families, so that victims could recover their files.

KPN and McAfee are other private-sector partners that supported this investigation, offering technical expertise.