Moldovan law enforcement authorities have arrested a 45-year-old foreign man suspected of involvement in a series of ransomware attacks targeting Dutch companies in 2021.
“He is wanted internationally for committing several cybercrimes (ransomware attacks, blackmail, and money laundering) against companies based in the Netherlands,” officials said in a statement Monday.
In conjunction with the arrest, police seized over €84,000 ($93,000) in cash, an electronic wallet, two laptops, a mobile phone, a tablet, six bank cards, two data storage devices, and six memory cards.
The suspect’s name was not disclosed. But he is said to have been detained after a search of his residence in Moldova. In at least one instance, the individual conducted a ransomware attack on the Netherlands Organization for Scientific Research (NWO), causing material damage worth approximately €4.5 million.
The attack took place in February 2021, resulting in the leak of internal documents after the organization refused to pay up. It was attributed to a ransomware crew known as DoppelPaymer.
“The attacker blocked network drives, rendered documents inaccessible, and stole some of our files,” NWO disclosed at the time. “Following a demand for a ransom, which NWO cannot and will not accept on principle, the organization published some of the stolen files.”
DoppelPaymer, a ransomware family that first appeared in June 2019, is believed to be based on the BitPaymer ransomware, due to similarities in their source code, ransom notes, and payment portals.
In March 2023, law enforcement authorities from Germany and Ukraine targeted suspected core members of a cybercrime group that has been behind large-scale attacks using DoppelPaymer ransomware.
Germany also issued arrest warrants against three alleged DoppelPaymer operatives – lgor Olegovich Turashev, Igor Garshin (aka Igor Garschin), and Irina Zemlianikina – who are said to be the “masterminds of the criminal group.”
