Europol's European Cybercrime Centre has worked with the Romanian National Police and FBI on the arrest of a suspected ransomware affiliate who is alleged to have targeted high-profile organisations and companies for their sensitive data.
Europol said a 41-year old Romanian man has been arrested in Craiova, Romania. It said the man is suspected of compromising the network of a large Romanian IT company that delivers services to clients in the retail, energy and utilities sectors.
The suspect is accused of targeting organisations in ransomware attacks, encrypting files and stealing sensitive data. He's suspected of demanding a "sizeable" ransom payment in cryptocurrency, and threatening to leak the stolen data if the victim didn't give in to the extortion attempt.
SEE: A winning strategy for cybersecurity (ZDNet special report)
The attacker stole financial information about the company, personal information about employees, customer details and other sensitive details, and attempted to blackmail the victim into paying a ransom with a threat to publish the data. It wasn't revealed if this attempt at extortion was successful or not.
Europol supported the investigation by tracing cryptocurrency payments, providing malware analysis and forensic support, and deploying experts to Romania.
The arrest is the latest in a string of arrests by the Romanian authorities, which last month arrested two individuals suspected of involvement in Sodinokibi/REvil ransomware attacks.
A recent report by Europol warned that ransomware attacks are getting more sophisticated as cyber criminals look towards new tactics and techniques to maximise the chances of successfully receiving a ransom payment, something that regularly costs victims millions of dollars.
"Perpetrators continue to be increasingly ruthless and methodical in their modi operandi," said the report.