The Amsterdam cybercrime police team has arrested three men for ransomware activity that generated €2.5 million from extorting small and large organizations in multiple countries. All three members were between the ages of 18 and 21. Victims include online shops, software firms, social media companies, and institutions connected to critical infrastructure and services. The actors would demand a ransom from the companies in exchange for not leaking sensitive data they were able to steal during the attack, but in most cases, the group would still leak the data even if the company paid the ransom.
Analyst Notes
The threat of leaking data if a ransom is not paid is a common tactic amongst ransomware actors. In this case, the group would still leak data even if ransom was paid. By using this model, the group was setting themselves up to not get paid by anyone because there would be no benefit to paying. Although this is a risk taken by companies paying a ransom, most groups do not follow this model to try and build “trust” between their victims.
https://www.bleepingcomputer.com/news/security/dutch-police-arrest-three-ransomware-actors-extorting-25-million/
