Investigators have arrested five suspected hackers for distributing the CTB Locker and Cerber ransomware strains across Europe and the US.
Romanian police searched six homes and seized computer hardware from the group, Europol announced on Wednesday. Three of the alleged hackers were charged with spreading CTB Locker, one of the largest ransomware families, according to security firm McAfee, which aided law enforcement in the investigation.
Like other ransomware, CTB Locker attacks computers by encrypting the files stored on them, and then demanding a ransom from the owner to free them. It was first spotted in 2014 and targets Windows PCs.
The three suspects arrested in connection with CTB Locker were found spreading the ransomware through spam messages, which pretended to come from well-known companies in Italy, the Netherlands, and the UK. “More than 170 victims from several European countries have been identified to date,” Europol said.
The two other suspects in the group are being charged with infecting US-based computers with Cerber, a newer form of ransomware that first emerged in 2016. It too can spread through spam messages and attacks Windows systems.
Unfortunately, the suspects arrested only distributed the two ransomware strains; 30 percent of their profits were sent to the still-unknown developers of CTB Locker and Cerber.
McAfee said CTB Locker was originally sold on black market forums for $3,000, before it became an affiliate program that enlisted other hackers to distribute the ransomware in exchange for a slice of the profits. Cerber has been sold in the same way, and infected 150,000 computers worldwide last year, according to security firm Check Point.
Both ransomware infections can be difficult to decrypt. To avoid getting attacked, it’s best to refrain from opening attachments from people you don’t know or clicking links within spam email messages. Backing up your data regularly and keeping your software up to date are also recommended. Users should also consider investing in antivirus solutions that can protect against ransomware attacks.