The Dutch police have arrested three young people aged 18 to 25 for allegedly extorting money from thousands of companies with ransomware attacks.
They are reportedly generating over €2.5 million from all these operations while attacking various companies for years. Their regular operation includes stealing sensitive data from companies and extorting them to pay ransom for not leaking them publicly.
Arresting Young Ransomware Actors
The Dutch police this week have arrested three young men – aged 18 to 21, on various counts of cybercrime. This majorly included ransomware attacks, where the gang had hit thousands of companies across online shops, software firms, social media companies, and critical infrastructure and services.
Operating for years, the gang had reportedly earned €2.5 million from their extorting attempts against small and large companies in multiple nations. Their operations start by compromising companies and stealing their sensitive data like their employee’s and customers’ names, email addresses, telephone numbers, bank account numbers, credit card details, account passwords, license plates, and passport details.
Packing them all, they’d then demand ransom to stop leaking them. This extortion ranges from €100,000 and €700,000, depending on the size of the organization they hacked. And even if victims paid the said ransom amount, these actors would still leak the stolen data. This caters to extra earnings, as there are dedicated underground marketplaces for buying and selling stolen data for other crimes.
Dutch police started investigating these crimes in March 2021, after a major Dutch company declared becoming a victim of a ransomware attack. Progressing in this case, the Dutch police said,
“Thousands of small and large companies and institutions, both nationally and internationally, have fallen victim to computer breaches from the trio in recent years (hacking), followed by theft and selling of their data”
Amsterdam’s cybercrime unit has also been worrying about the rise of data brokers, who’re now processing stolen data to cater a better value off them when sold.