French national behind UK data breach caught in Thailand

19 Jun 18

Europol has revealed details surrounding the arrest of a 25-year-old coder who allegedly helped to extort a British organisation.

On May 18 the Royal Thai Police arrested the man based on a French international arrest warrant as part of a joint crackdown supported by Europol and the Joint Cybercrime Action Taskforce.

The saga started in May 2017 when the criminals launched a cyber attack against a British-based firm and compromised a large amount of customer data.

The attackers claimed to be from an organisation called ‘Rex Mundi’. A few days later, a French-speaking person called the breached organisation and shared some of the compromised data to prove they had access.

“He also demanded ransom of either almost EUR 580 000 for the non-disclosure of the customer data or over EUR 825,000 for information on the security breach and how to handle it. For each day the company failed to pay, there would be a ransom of EUR 210,000. The ransom was to be paid in Bitcoin,” Europol says.

After intensive cooperation between the UK Metropolitan Police, the French National Police and Europol, Europol’s 24/7 Operational Centre was able to track down a French national.

According to Europol, five people connected to the attack were arrested by French authorities in June 2017.

“The main suspect admitted his involvement in the blackmail but hired the services of a hacker on the dark web to carry out the cyber attack,” a statement from Europol says.

French National Police caught a further two hackers in October 2017, and in May 2018 Royal Thai Police caught a final accomplice, a French national with coding skills, in Thailand.

“This case illustrates that cyber-related extortion remains a common tactic among cybercriminals… financially motivated extortion attempts, attacks are typically directed at medium-sized or large enterprises, with payment almost exclusively demanded in Bitcoins,” Europol concludes.

The Rex Mundi cybercrime group has been involved in a number of cyber attacks over the years, including attacks against Domino’s Pizza, a failed attempt against Swiss Banque Cantonale de Geneve, and other targets.

According to a Reuters report from 2015, the Swiss Banque Cantonale de Geneve refused to pay the ransom demands that equated to EUR 10,000. As a result, the Rex Mundi group published the information.

A bank spokesperson said that the published information was of ‘no particular financial risk for clients or the bank’. The spokesperson said the information did not involve account information.
