Ransomware Suspect Nabbed in Moldova After Dutch Research Agency Hit
A 45-year-old foreign national is in custody in Moldova, suspected of orchestrating a devastating ransomware attack that crippled a Dutch research agency in 2021. The attack, which demanded a €4.5 million ransom, is believed to be part of a larger campaign targeting Dutch organizations.
Law enforcement has arrested a 45-year-old foreign national suspected of playing a key role in a string of ransomware attacks that hit Dutch companies back in 2021. This arrest could be a significant step in bringing those responsible to justice.
According to a statement released by officials on Monday, the suspect is wanted internationally for a laundry list of cybercrimes, including ransomware attacks, blackmail, and good old-fashioned money laundering – all targeting companies in the Netherlands.
During the arrest, police didn't come empty-handed. They seized quite the haul: over €84,000 (that's about $93,000) in cash, an electronic wallet, a couple of laptops, a mobile phone, a tablet, six bank cards, two data storage devices, and six memory cards. Sounds like they were well-equipped!
While the suspect's name hasn't been released, we know he was picked up after a search of his home in Moldova. He's allegedly tied to at least one major incident: a ransomware attack on the Netherlands Organization for Scientific Research (NWO), which caused a staggering €4.5 million in damages.
That attack, which happened in February 2021, resulted in sensitive internal documents being leaked after NWO refused to give in to the ransom demands. The blame fell on a ransomware group known as DoppelPaymer.
"The attacker blocked network drives, rendered documents inaccessible, and stole some of our files," NWO explained at the time. "Following a demand for a ransom, which NWO cannot and will not accept on principle, the organization published some of the stolen files."
So, who *is* DoppelPaymer? Well, DoppelPaymer, which first popped up in June 2019, is thought to have evolved from the BitPaymer ransomware. Experts have noticed similar code, ransom notes, and even the payment portals are alike.
This isn't the first time law enforcement has gone after this group. Back in March 2023, authorities in Germany and Ukraine targeted suspected key members of the cybercrime ring behind the DoppelPaymer attacks.
Germany even issued arrest warrants for three alleged DoppelPaymer masterminds: Igor Olegovich Turashev, Igor Garshin (also known as Igor Garschin), and Irina Zemlianikina. They're believed to be the brains behind the whole operation.
