The Romanian Police, key player in the cybercrime fight
The GandCrab threat spreads through advertisements published on infected sites or through fictitious receipts and invoices sent as attachments in emails.
Once the victim accesses the attack vector, GandCrab blocks the important files on the device used and then blackmails.
There are over 50,000 victims in less than a month, including Romania, and substantial rewards are required to give access to data in exchange for the decryption key, claiming rewards ranging from $ 300 to $ 500 in the virtual currency DASH, used for the first time for criminal activities associated with ransomware.
The significant difference between the amounts claimed for victims is explained by the fact that cyber criminals have developed an affiliate service that allows GandCrab to spread by any other group interested in earning money.
The Romanian Police, through officers specialized in fighting cybercrime, under the coordination of D.I.I.C.O.T., in partnership with Bitdefender as global security solution maker and with EUROPOL, make available to the public a data decryption tool that offers victims of the GandCrab class to recover that data without paying rewards to cyber criminals.
The kit works for all known versions of the GandCrab ran - somware threat, available on www.nomoreransom.org. - an online portal written also in Romanian language, and in the section on decryption tools on labs.bitdefender.com. The appli cation can be found on www.nomoreransom.org, along with other 95 antifreeware solutions made available to the public for free.
The No More Ransom project was launched in July 2016 by Dutch national police and Europol, the European Union's anti-crime institution, aimed to raise the level of collaboration between the public and private sectors in the fight against ransomware. On nomoreransom.org, users can find out more about ransomware and how to avoid this threat.
Romanian Police and D.I.C.O.T. have become partners of the No More Ransom project. To prevent infection with ransomware, users are advised to keep copies of important data, use a security solution, and avoid accessing links or files from unsolicited emails.
Companies - hacker target
2016 was the ransomware year, and the threats still targets the companies. Data extracted from Bitdefender telemetry shows that infection with ransomware is one of the most profitable actions of cyber crime, with investment returns of about 1,500%. Experts estimate that the damage caused by ransomware would exceed one billion dollars in one year.
That's why, after the impressive 2016 results, developers of ransomware threats allocate additional resources to improve the victim's automatic targeting system.
This feature developed for the first time will help them to distinguish ordinary users from companies and, as a result, try to blackmail them for exorbitant amounts.
The secret of the increased profitability of ransomware is that users value their personal data and information stored at various terminals, but they do not back-up their data and they don’t update constantly their cyber security solutions.
Experts point out that half of the ransomware infected users would pay to recover their encrypted data from attackers, and for businesses whose data is vital, cyber pirates rely on an even higher percentage.
In the case of companies, aggressive versions of ransomware are expected not to be limited to file encryption and rewarding, but to diversify themselves to blackmailing users and threatening them to publish the documents on the Internet if the reward is not paid. Thus, although victims will be able to retrieve free of charge encrypted data from the Internet, they will also be able to be accessed by third parties, causing significant image damage.
For the first time, Romanian-American cooperation cryptocurrencies Ripple and Bitcoin, become unavailable due to a court freezing order
The case, which is a premiere for the Romanian Police, has as its starting point a request for international judicial assistance, transmitted by the Secret Service (United States). In this context, the Directorate for Combating Organized Crime, under the coordination of D.I.C.O.T., has conducted investigations concerning a group of Romanians involved in various forms of computer fraud, including money laundering. The victims were American citizens, and the damage was about $ 34,000,000.
Research has shown that the criminal activity of the people involved would start in 2016 through e-commerce sites. Group members posted merchandise ads that in reality do not exist, convincing customers to send money for ordered goods (inexistent).
Following the request received from the competent authorities of the United States of America, nearly 100 officers in the organized crime fighting structures in Bucharest, Craiova, Cluj, Ploiesti, Pitesti, Olt, Ilfov, Ialomita, Teleorman and Vâlcea under the coordination of DIICOT, were conducted 27 searches at the domiciles and residence of the targeted persons. Secret Service agents also participated in these interventions.
51 mobile phones, 8 HDDs, 40 memory sticks, 32 laptops, 12 tablets, five PC center units, 86 optical media (CD / DVD), a camera, 11 bank cards, three memory cards and two cars (approximately 61,000 euros) were confiscated or made inoperable. Also, were raised the sums of 207,600 lei, 24,500 euros, 5,000 USD and 5,500 CHF. Through the Financial Investigation Service of Organized Crime Groups from DCCO, enforcement orders were issued for 10 real-estate properties (seven land, one house and two apartments) with a total estimated value of 310,000 euros.
For the first time for the law enforcement authorities in Romania, Ripple and Bitcoin with an estimated value of $ 5,000 were crippled.
In the case, 18 persons were identified and headed at the D.I.I.C.O.T. headquarter, as well as at the anti-organized crime brigades in Cluj and Craiova.
At the same time, 14 persons involved were taken over by the Tracking Service within the Criminal Investigation Division to initiate the procedures to execute the international arrest warrants. Afterwards, the persons concerned were extradited to the United States of America.
The research - carried out in terms of committing cybercrime, money laundering and the setting up of an organized criminal group - benefited from the specialized support from the Special Operations Division of the Romanian Police.