Spanish police have arrested a dozen individuals suspected of being members of the infamous Reveton ransomware gang.
With assistance from Interpol and Europol, the Spanish police detained the suspects in Spain's Costa del Sol: six Russians, two Ukrainians and two Georgians.
Authorities estimate that this ransomware operation netted the group more than 1 million euros a year.
A video, made available on YouTube by Spanish Brigada de Investigación Tecnológica de la Policía Nacional, shows yesterday's police operation in progress, focusing on the gang's financial cell.
The gang leader, a 27 year-old Russian national, was reportedly arrested in December while holidaying in Dubai UAE, but his arrest was seemingly kept under wraps until they were able to round up the rest of the crew.
Spanish police are still working to extradite him to Spain.
The Reveton crew makes use of ransomware, which is malicious software that locks you out of your computer or your data, and demands money to let you back in.
Reveton pretends to be a warning from the police. It locks you out of your PC, threatens criminal proceedings within 48 hours - usually for accessing file sharing, child pornography or terrorist sites. The ultimate goal is to scare the victim into forking over a fine - typically about $200 USD.
Naked Security writer Paul Ducklin explains Reveton/FBI ransomware, in this great video:
This arrest is a great coup for the Spanish authorities. Working with international and european authorities and firms like Trend Micro, they might have just have dismantled a seriously notorious malware gang.
More than 1200 complaints of a "POLICE VIRUS" were reported to the Spanish authorities - a tiny percentage of the number of suspected victims. There is little doubt however that these 1200 complaints were instrumental in focusing the authorities' efforts on dismantling the Reveton malware gang.
Let this arrest be a reminder that we all have a part to play: reporting cyber crime is essential to ensure these very real crimes get the appropriate consideration. By law, authorities need to record your complaint, and this can be very valuable when trying to negotiate resources for a particular sting
To learn more about reporting computer crime, check out this series authored by cybercrime expert Bob Burls, who served as a Detective in the UK in the Metropolitan Police Computer Crime Unit, the NHTCU and the PCeU:
- How to report a computer crime: Fake anti-virus
- How to report a computer crime: Trolling
- How to report a computer crime: Phishing attack
- How to report a computer crime: SQL injection website attack
- How to report a computer crime: Unauthorised email account access