
French national behind UK data breach caught in Thailand

19 Jun 2018

Europol has revealed details surrounding the arrest of a 25-year-old coder who allegedly helped to extort a British organisation.

On May 18 the Royal Thai Police arrested the man based on a French international arrest warrant as part of a joint crackdown supported by Europol and the Joint Cybercrime Action Taskforce.

The saga started in May 2017 when the criminals launched a cyber attack against a British-based firm and compromised a large amount of customer data.

The attackers claimed to be from an organisation called ‘Rex Mundi’. A few days later, a French-speaking person called the breached organisation and shared some of the compromised data to prove they had access.

“He also demanded ransom of either almost EUR 580 000 for the non-disclosure of the customer data or over EUR 825,000 for information on the security breach and how to handle it. For each day the company failed to pay, there would be a ransom of EUR 210,000. The ransom was to be paid in Bitcoin,” Europol says.

After intensive cooperation between the UK Metropolitan Police, the French National Police and Europol, Europol’s 24/7 Operational Centre was able to track down a French national.

According to Europol, five people connected to the attack were arrested by French authorities in June 2017.

“The main suspect admitted his involvement in the blackmail but hired the services of a hacker on the dark web to carry out the cyber attack,” a statement from Europol says.

French National Police caught a further two hackers in October 2017, and in May 2018 Royal Thai Police caught a final accomplice, a French national with coding skills, in Thailand.

“This case illustrates that cyber-related extortion remains a common tactic among cybercriminals… financially motivated extortion attempts, attacks are typically directed at medium-sized or large enterprises, with payment almost exclusively demanded in Bitcoins,” Europol concludes.

The Rex Mundi cybercrime group has been involved in a number of cyber attacks over the years, including attacks against Domino’s Pizza, a failed attempt against Swiss Banque Cantonale de Geneve, and other targets.

According to a Reuters report from 2015, the Swiss Banque Cantonale de Geneve refused to pay the ransom demands that equated to EUR 10,000. As a result, the Rex Mundi group published the information.

A bank spokesperson said that the published information was of ‘no particular financial risk for clients or the bank’. The spokesperson said the information did not involve account information.
