Spanish Police in conjunction with Europol have arrested 11 men from a Russian criminal gang in relation to a larges and complex cybercrime network which earned up to €1 million a year.

An analyst looks at code in the malware lab of a cyber security defense lab. (Credit:Reuters)

First detected in May 2011, the police malware which these criminals were using to extract money from innocent victims is estimated to have infected tens of thousands of PCs around the world.

Police ransomware is a type of malware that blocks your computer, accusing you of having visited illegal websites containing child abuse material or file sharing, and requests the payment of fine to unblock it.

By dressing the ransomware up to look as if it comes from a law enforcement agency, cybercriminals convince the victim to pay the 'fine' of €100 through two types of payment gateways - virtual and anonymous - as a penalty for the alleged offence.

The criminals then go on to steal data and information from the victim's computer. Since the virus was detected in May 2011, there have been more than 1200 reported cases just in Spain, and the number of victims could be much higher.

As part of Operation Ransomware, the Spanish Police worked closely with the European Cybercrime Centre (EC3) at Europol and first arrested a 27-year-old Russian man while he was on holidays in the United Arab Emirates on the back of an international warrant issued for his arrest.

This man is credited with the creation, development and dissemination of various versions of the malware internationally. The Spanish authorities are now seeking his extradition to Spain.


The police also arrested ten men (six Russians, two Georgians and two Ukrainians) in the Costa Del Sol, where the gang had established a base in order to launder the money they obtained through the ransomware.

For this, the gang employed both virtual systems for money laundering and other traditional systems using various online gaming portals, electronic payment gateways or virtual coins. They also used compromised credit cards to extract cash from the accounts of ransomware victims via ATMs in Spain.

Security company Trend Micro has also been assisting the authorities to identify the people behind what it called the Reveton ransomware. According to security researcher at Trend Micro, Rik Ferguson, the company helped the authorities figure out the infrastructure of the malware network:

"As a direct result of activities carried out by Trend Micro threat research, they were able to map the criminal network infrastructure including traffic redirection and command and control servers."

The collaboration between police and private security companies like Trend Micro is nothing new, with companies like Kaspersky Labs, Symantec and F-Secure all involved in high-profile operations in recent years.

Ferguson believes this is the way forward in combating cyber criminals:

"This coordinated activity, leading directly to the arrest of individuals believed to be actively engaged in cybercrime rather than simply taking down associated infrastructure, should serve as a model for how the security industry and law enforcement can effectively cooperate in the fight against online crime."