Moldovan Authorities Detain Individual Linked to €4.5 Million Ransomware Incident Targeting Dutch Research Agency

Moldovan law enforcement has apprehended a 45-year-old foreign national linked to a series of ransomware attacks on Dutch enterprises in 2021. This individual is sought internationally for engaging in numerous cybercrimes, including ransomware assaults, extortion, and money laundering targeting companies in the Netherlands.

In conjunction with the arrest, authorities confiscated over €84,000 (approximately $93,000) in cash, an electronic wallet, two laptops, a mobile phone, a tablet, six bank cards, two data storage devices, and six memory cards. The suspect was detained following a thorough search of his residence in Moldova. Notably, he is reported to have orchestrated a ransomware attack on the Netherlands Organization for Scientific Research (NWO), which incurred material damages estimated at around €4.5 million.

The incident transpired in February 2021, resulting in a breach of internal documents after NWO declined to meet the ransom demand. This incident was attributed to the cybercriminal group known as DoppelPaymer. The attacker effectively disabled network drives, compromised document accessibility, and pilfered various files. As a principled stance against paying ransoms, NWO subsequently published some of the stolen documents.

DoppelPaymer, which emerged in June 2019, is believed to share foundational code with the BitPaymer ransomware, as indicated by similarities in their ransom notes and payment mechanisms. In March 2023, law enforcement agencies in Germany and Ukraine initiated actions against key members of the cybercrime faction responsible for extensive attacks utilizing DoppelPaymer ransomware.

Additionally, German authorities issued arrest warrants for three alleged operatives of the DoppelPaymer group: Igor Olegovich Turashev, Igor Garshin (also known as Igor Garschin), and Irina Zemlianikina, identified as principal figures within the organization.