Dutch police help to roll up international ransomware gang

A major international police investigation into cybercrime has detected twelve suspects in eight countries. It‘s all Ukrainians. They would have been a member of a network that placed ransomeware on government computers, critical infrastructure and multinationals.

The attacks are believed to have caused more than 1,800 victims in 71 countries, police say. Dozens of Dutch companies also fell victim to it.

The suspects have not yet been apprehended. This is not possible at the moment, because Ukrainian law does not allow it, says a Dutch police spokesman. It may be possible later, if more evidence is available.

Last Tuesday, in Ukraine and Switzerland, homes of the suspects were searched. That action found traces of criminal activity and clues as to where the money earned remained. Luxury cars, expensive watches and large cash sums have been seized.

Load Balancing

The suspects had different functions within the network, police say. Some were looking for vulnerabilities in computer networks, others sent phishing emails.

Once ransomware blocked the victims’ computers, they received a message saying they could get decryption keys if they paid for them. Payments went into bitcoins which were then laundered.


A Rotterdam based multinational also fell victim to the gang. The company filed a report in March 2019. What company it was about has not been disclosed.

Six months later, at the initiative of France, a Europol investigation of this gang started. The Dutch researchers joined in.

Four Dutch specialists were in Ukraine on Tuesday to secure evidence of suspects in the search of homes.