Ransomware affiliate arrested in Romania
Romanian police have detained a 41-year-old suspect today in the city of Craiova on suspicion of participating in ransomware attacks across the globe.
The suspect was detained in the early hours of the morning by Romania's Directorate for Investigating Organized Crime and Terrorism (DIICOT), following a joint investigation with Europol and the US Federal Bureau of Investigation.
He is believed to be a so-called "ransomware affiliate," a term used to describe cyber-criminals who rent access to ransomware, hack into corporate networks, and then deploy it against their targets.
If they manage to successfully infect and then ransom a company, they keep the vast majority of the profits and then provide the ransomware's creator with a small cut.
According to DIICOT and Europol, the Romanian suspect hit a major Romanian company, but also other targets across the globe.
The Romanian victim was described as an IT company that delivers services in the retail, energy, and utilities sectors.
Sources familiar with the arrest and the suspect's attacks in Romani told The Record today that the incident cited in the official press releases was never made public but greatly disrupted the company's ability to provide services at some of its stores.
Authorities did not release the suspect's name or his affiliation with any specific Ransomware-as-a-Service (RaaS) program.
This marks the third ransomware affiliate arrested in Romania this year after two suspects who collaborated with the REvil gang were detained last month.
Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.