Crooks who develop ransomware infections are very hard to locate and arrest. However, thanks to intensive operations and cooperation between countries, cyber criminals can be caught. In this case, Romanian police managed to catch five people suspected of distributing two of the most successful ransomware infections: Cerber and CTB Locker. “Operation Bakovia” was pursued by Europol, the FBI and Romanian, Dutch and UK law enforcement agencies. All of their efforts paid off when the possible culprits were finally arrested.
Operation Bakovia: 5 suspects for distributing ransomware arrested in Romania
As evidence, police took a lot of relevant material from the suspects’ houses which could help prove their guilt. While we are hearing a lot of buzz about WannaCry, NotPetya and BadRabbit, we forget other ransomware infections that are just as dangerous, maybe even more so. In total, the controllers of CTB Locker have managed to make a profit of more than 27 million dollars, while Cerber has been estimated to have reached similar success: nearly 7 million dollars. As these infections continued to thrive and blackmail people, their profits might have reached even more impressive numbers.
The suspects were identified thanks to information provided by Romanian authorities. According to them, law enforcement agencies that track the activity of cyber criminals were able to determine the sources of the spam emails which distributed the aforementioned ransomware infections. As usual, the deceptive messages carried certain attachments. If run, they infected people with crypto-malware and demanded ransoms as the last resort for file recovery.
Short reminder of Cerber and CTB Locker ransomware infections
The Cerber virus is one of those ransomware infections that still survive despite numerous attempts to prevent its distribution. Back in August of 2017, it adopted a new evasive technique, and in April of the same year, we wrote an article about Cerber’s ability to bypass machine learning. On the other hand, Cerber has not been around for as long as CTB Locker. The Cerber infection was first detected in March of 2016, while CTB Locker has been around since 2014. Both of these ransomware viruses have been highly successful and are considered among the most intimidating infections due to their persistent techniques.
If you are worried about your operating system being affected by ransomware, we suggest you stop downloading attachments from random emails. Furthermore, do not forget to back up your files in separate storage so that you have an alternative source for them. If the original versions get encrypted, you will still be able to obtain your data from another source.
Source: bankinfosecurity.com.