Spanish authorities announced Wednesday that they had arrested 10 people who were allegedly involved in a massive “ransomware” ring. The European Cybercrime Centre estimated that the criminal operation “affected tens of thousands of computers worldwide, bringing in profits in excess of €1 million euros ($1.34 million) per year.” The Spanish Ministry of the Interior described (Google Translate) the lead suspect as a “a 27-year-old citizen of Russian origin who was arrested in December in the United Arab Emirates,” and now awaits extradition to Spain. The newly arrested 10 were linked to the financial cell of the ransomware operation, and include six Russians, two Ukrainians, and two Georgians. The Ministry added that the operation remains “open,” suggesting that more arrests could be forthcoming. (Spanish authorities posted a video (RAR) of the new arrests and raid.) Madrid dubbed the ransomware used by the ring a “police virus” because it throws up a notice that appears to come from law enforcement. The malware requires the user to pay €100 ($134) as a “fine” from a false accusation of accessing child pornography or file-sharing websites. When the victims submit their payment details, European authorities added , the “criminals then go on to steal data and information from the victim’s computer.” Read 7 remaining paragraphs | Comments
Read the original:
Spanish police bust alleged “ransomware” ring that took in $1.34M annually
Aurich Lawson Early on Halloween morning, members of Facebook’s Computer Emergency Response Team received an urgent e-mail from an FBI special agent who regularly briefs them on security matters. The e-mail contained a Facebook link to a PHP script that appeared to give anyone who knew its location unfettered access to the site’s front-end system. It also referenced a suspicious IP address that suggested criminal hackers in Beijing were involved. “Sorry for the early e-mail but I am at the airport about to fly home,” the e-mail started. It was 7:01am. “Based on what I know of the group it could be ugly. Not sure if you can see it anywhere or if it’s even yours.” The e-mail reporting a simulated hack into Facebook’s network. It touched off a major drill designed to test the company’s ability to respond to security crises. Facebook Facebook employees immediately dug into the mysterious code. What they found only heightened suspicions that something was terribly wrong. Facebook procedures require all code posted to the site to be handled by two members of its development team, and yet this script somehow evaded those measures. At 10:45am, the incident received a classification known as “unbreak now,” the Facebook equivalent of the US military’s emergency DEFCON 1 rating. At 11:04am, after identifying the account used to publish the code, the team learned the engineer the account belonged to knew nothing about the script. One minute later, they issued a takedown to remove the code from their servers. Read 31 remaining paragraphs | Comments 
