Cybergang made more than $1 million a year using a virus that used false threats to compel people to pay to have it removed.
MADRID – Spanish authorities on Wednesday announced the breakup of a cybercrime gang that used a "ransomware" virus to lock computers throughout Europe, display false messages claiming the action was taken by police and demand payment of $135 to unlock the computers.
The gang, operating from the Mediterranean resort cities of Benalmadena and Torremolinos, made at least $1.35 million annually, said Deputy Interior Minister Francisco Martinez. Their notices to victims were accompanied by false threats claiming they were under investigation for accessing child pornography or illegal file-sharing.
The 27-year-old Russian alleged to be the gang's founder and virus developer was detained in the United Arab Emirates at the request of Spanish police while on vacation. An extradition petition is pending, Martinez said. Six more Russians, two Ukrainians and two Georgians were arrested in Spain last week.
Europol, which coordinates national police forces across Europe and worked with Spanish authorities on the case, said the operation "dismantled the largest and most complex cybercrime network dedicated to spreading police ransomware."
Europol, based in The Hague, Netherlands, added that the gang infected tens of thousands of computers worldwide, and Spanish authorities said people from 30 mostly European nations were affected.
"It's an example of the evolving nature of cybercrime online," Europol director Rob Wainwright said. "It's an example of how cybercriminals are becoming more sophisticated in affecting thousands of people around Europe."
The virus displayed the national emblem of the police force in each country it appeared, telling people to buy prepaid electronic money cards to pay the fines online.
Authorities estimate less than 3 percent of those people whose computers were infected paid, but the amounts added up. The gang also stole data and information from victims' computers, and didn't unlock them after the fake fines were paid.
Money was also stolen from the victims' accounts via ATMs in Spain, and the gang made daily international money transfers through currency exchanges and call centers to send the funds stolen to Russia.
Spanish authorities identified more than 1,200 victims but said the actual number could be much higher. The government's Office of Internet Security received 784,000 visits for advice on how to get rid of the virus.
Those arrested face charges of money laundering, participation in a criminal operation and fraud.