Moldovan Police Arrest Key Suspect in €4.5 Million International Ransomware Case

• Authorities in Moldova arrested an internationally wanted suspect in the NWO ransomware attack.
• Electronic devices and €84,800 in cash were seized as evidence upon searches conducted at his residence.
• The individual is under arrest at the moment, with extradition procedures to be initiated soon.

Moldovan authorities have arrested a 45-year-old suspect linked to a €4.5 million ransomware attack on the Netherlands Organization for Scientific Research (NWO) in a significant operation showcasing international cooperation in cybersecurity enforcement.

The suspect, a foreign national under international search warrant, is charged with targeting Netherlands-based companies with ransomware attacks, blackmail, and money laundering.

The individual, who has not been named, is accused of orchestrating ransomware campaigns that disrupted critical operations of Dutch organizations, including halting NWO’s grant processing in 2021, causing severe financial and operational impacts.

Authorities conducted searches of the suspect’s residence and car on May 6, seizing two laptops, one mobile phone, one tablet, six bank cards, six memory cards, an electronic wallet, and €84,800 in cash as evidence. 

He was apprehended following coordinated efforts between Moldova’s Center for Combating Cybercrime, Dutch law enforcement, and prosecutorial agencies, with support from Moldova’s Special Forces Brigade “Fulger” (Lightning).

According to the Dutch police, the NWO was targeted in February this year by a ransomware group known as DoppelPaymer. The attackers encrypted the organization's network and threatened to leak sensitive data if the ransom demand was not met. 

The NWO is responsible for funding scientific research projects in the Netherlands and has close ties with universities and research institutes across the country.

Extradition proceedings are underway to transfer the suspect to the Netherlands for legal prosecution.

This month, Polish authorities arrested administrators and seized domains in a significant blow to the illicit market for Distributed Denial of Service (DDoS)-for-hire platforms as part of a global crackdown operation.

Also, in February, four Russian nationals leading the 8Base cybercriminal group, suspected of deploying a variant of Phobos ransomware, were arrested in a Europol-led law enforcement operation.