
French national behind UK data breach caught in Thailand

19 Jun 2018

Europol has revealed details surrounding the arrest of a 25-year-old coder who allegedly helped to extort a British organisation.

On May 18 the Royal Thai Police arrested the man based on a French international arrest warrant as part of a joint crackdown supported by Europol and the Joint Cybercrime Action Taskforce.

The saga started in May 2017 when the criminals launched a cyber attack against a British-based firm and compromised a large amount of customer data.

The attackers claimed to be from an organisation called ‘Rex Mundi’. A few days later, a French-speaking person called the breached organisation and shared some of the compromised data to prove they had access.

“He also demanded ransom of either almost EUR 580 000 for the non-disclosure of the customer data or over EUR 825,000 for information on the security breach and how to handle it. For each day the company failed to pay, there would be a ransom of EUR 210,000. The ransom was to be paid in Bitcoin,” Europol says.

After intensive cooperation between the UK Metropolitan Police, the French National Police and Europol, Europol’s 24/7 Operational Centre was able to track down a French national.

According to Europol, five people connected to the attack were arrested by French authorities in June 2017.

“The main suspect admitted his involvement in the blackmail but hired the services of a hacker on the dark web to carry out the cyber attack,” a statement from Europol says.

French National Police caught a further two hackers in October 2017, and in May 2018 Royal Thai Police caught a final accomplice, a French national with coding skills, in Thailand.

“This case illustrates that cyber-related extortion remains a common tactic among cybercriminals… financially motivated extortion attempts, attacks are typically directed at medium-sized or large enterprises, with payment almost exclusively demanded in Bitcoins,” Europol concludes.

The Rex Mundi cybercrime group has been involved in a number of cyber attacks over the years, including attacks against Domino’s Pizza, a failed attempt against Swiss Banque Cantonale de Geneve, and other targets.

According to a Reuters report from 2015, the Swiss Banque Cantonale de Geneve refused to pay the ransom demands that equated to EUR 10,000. As a result, the Rex Mundi group published the information.

A bank spokesperson said that the published information was of ‘no particular financial risk for clients or the bank’. The spokesperson said the information did not involve account information.
