Europol Disrupts Rex Mundi Cybercrime Group

Europol Disrupts Rex Mundi Cybercrime Group

Europol has taken major steps to disrupting a long-running global cybercrime group after eight arrests in the past year including one in Thailand announced last week.

The international operation supported by Europol and the Joint Cybercrime Action Taskforce (J-CAT) was begun after an unnamed UK company was hit by a major cyber-attack in May 2017.

That attack was claimed by the infamous Rex Mundi group. A French-speaking member of the group called Europol following the incident to demand a €580,000 ransom in Bitcoin for non-disclosure of the customer data stolen or over €825,000 for information on how the group compromised the firm’s systems.

However, the UK Metropolitan Police, the French National Police (High Tech Crime Unit Central Office OCLCTIC-DCPJ) and Europol sprung into action and a month later five people were arrested by the French authorities.

This was followed by two more arrests in France in October last year and now the eighth arrest by the Royal Thai Police of a “French national with coding skills.”

“This case illustrates that cyber-related extortion remains a common tactic among cyber-criminals, as identified in the IOCTA 2017 [Internet Organised Crime Threat Assessment report],” said Europol. “As indicated in the report, for such financially motivated extortion attempts, attacks are typically directed at medium-sized or large enterprises, with payment almost exclusively demanded in Bitcoins.”

This is the kind of cross-border law enforcement co-operation that some experts have warned may become harder following Brexit.

The UK is dependent on the EU to help protect its security interests – including those in cyber-space. If it leaves, the UK might be able to renegotiate an agreement on info-sharing but it won’t have the benefits it currently has, such as direct access to the Europol database, or “the ability to involve itself into our intelligence projects and many other areas,” Europol director, Rob Wainright, said in February 2016.

Source: Information Security Magazine