French national behind UK data breach caught in Thailand

19 Jun 2018

Europol has revealed details surrounding the arrest of a 25-year-old coder who allegedly helped to extort a British organisation.

On May 18 the Royal Thai Police arrested the man based on a French international arrest warrant as part of a joint crackdown supported by Europol and the Joint Cybercrime Action Taskforce.

The saga started in May 2017 when the criminals launched a cyber attack against a British-based firm and compromised a large amount of customer data.

The attackers claimed to be from an organisation called ‘Rex Mundi’. A few days later, a French-speaking person called the breached organisation and shared some of the compromised data to prove they had access.

“He also demanded ransom of either almost EUR 580 000 for the non-disclosure of the customer data or over EUR 825,000 for information on the security breach and how to handle it. For each day the company failed to pay, there would be a ransom of EUR 210,000. The ransom was to be paid in Bitcoin,” Europol says.

After intensive cooperation between the UK Metropolitan Police, the French National Police and Europol, Europol’s 24/7 Operational Centre was able to track down a French national.

According to Europol, five people connected to the attack were arrested by French authorities in June 2017.

“The main suspect admitted his involvement in the blackmail but hired the services of a hacker on the dark web to carry out the cyber attack,” a statement from Europol says.

French National Police caught a further two hackers in October 2017, and in May 2018 Royal Thai Police caught a final accomplice, a French national with coding skills, in Thailand.

“This case illustrates that cyber-related extortion remains a common tactic among cybercriminals… financially motivated extortion attempts, attacks are typically directed at medium-sized or large enterprises, with payment almost exclusively demanded in Bitcoins,” Europol concludes.

The Rex Mundi cybercrime group has been involved in a number of cyber attacks over the years, including attacks against Domino’s Pizza, a failed attempt against Swiss Banque Cantonale de Geneve, and other targets.

According to a Reuters report from 2015, the Swiss Banque Cantonale de Geneve refused to pay a ransom demand that equated to EUR 10,000. As a result, the Rex Mundi group published the information.

A bank spokesperson said that the published information was of ‘no particular financial risk for clients or the bank’. The spokesperson said the information did not involve account information.
