Police in Spain have arrested a gang of 11 cyber criminals who used "ransomware" to demand money from thousands of victims in 30 countries.
The malware used by the gang froze infected computers and displayed messages that purported to be from police authorities.
The messages demanded that the user pay a fine of €100 for accessing file-sharing, child pornography or terrorist sites.
Researchers from security firm Trend Micro, which helped find the origin of the malware, said there were 48 different variations of the virus in use.
Gathering evidence against ransomware gang
Researchers at the security firm have been working with Spanish law enforcement in recent months, providing evidence and intelligence related to the Reveton ransomware.
Trend Micro said early versions of the malware first surfaced in Russia in 2005, but the gang refined it so that it would display police logos appropriate to the victim's country of residence.
Through mapping the criminal network infrastructure, including traffic redirection and command and control servers, police were able to identity one of the individuals at the head of this criminal gang.
Police arrested six Russians, two Ukrainians and two Georgians in the Costa del Sol. The gang leader, a 27-year-old Russian, was arrested in Dubai in the United Arab Emirates in December 2012 on an international arrest warrant. Spanish authorities are seeking his extradition.
More on ransomware
- PCeU arrests three suspected ransomware blackmailers
- Ransomware variant works on Windows 8, Symantec says
- Polymorphic ransomware tops malware charts
- New ransomware encrypts files, demands $120
- Panda spots new ransomware
- Ransomware and computer blackmail viruses: a history
- Has ransomware made a comeback?
According to the Guardian, the arrests point to the growing cooperation between private organisations, with high-tech expertise in identifying the source of some of malware, and police organisations, which typically lack the necessary resources.
The paper said Europol director Rob Wainwright, whose name was used in the scam, estimated that millions of euros had been extorted from hundreds of thousands of victims in Europe.
Thousands of victims out of pocket to cyber crime
Spanish police said that since first discovering the virus in May 2011 they had received 1,200 complaints, but the number of people affected was "certainly much higher".
The 10 men arrested in Spain were involved in the money laundering part of the operation, while the man arrested in Dubai is believed to have been involved in creating the malware used for the scam.
Victims paid the “fines” into PaySafeCard/UKash vouchers, which were sent from the US to the gang in Spain, where they were converted into cash, which was transferred electronically to Russia.
Trend Micro said this coordinated activity, leading directly to the arrest of individuals believed to be actively engaged in cyber crime rather than simply taking down associated infrastructure, should serve as a model for how the security industry and law enforcement can effectively cooperate in the fight against online crime.
Image: Brand X Pictures/Thinkstock