Polish law enforcement arrested the author of the Polski, Vortex and Flotera ransomware families last week, on Wednesday, March 14th, 2018, and seized computer equipment containing several encryption keys.
The suspect, identified as Tomasz T., is a Polish national living in Belgium who was internationally wanted and faces 181 separate charges.
A judge immediately ordered three months of detention. The suspect pleaded guilty from the moment of his arrest and is said to be fully cooperating with investigators.
Since 2013, Tomasz T. had been active on the dark web distributing malware, including banking Trojans that replaced bank account numbers in victims' clipboards with one of his own, so that transfers the victims intended for someone else landed in his account instead.
In 2017 he shifted to writing and distributing ransomware. Polski ransomware appeared in late January 2017, followed by the Vortex and Flotera strains, both developed in March of that year.
Of the three, Vortex remained active throughout 2017 and was still circulating in January 2018.
According to Bleeping Computer, most of the victims were in Poland, with some in North America.
Tomasz T. operated under the handle 'Armagedon' and distributed the three ransomware variants through large-scale email phishing campaigns, first posing as a representative of well-known companies operating in Poland such as DHL, WizzAir, PayU and Cinema City, then infecting the victim's computer with the malware.
Polish authorities say he made over $145,000 from these activities, collecting most of the ransoms in Bitcoin, moving the funds to his own BTC wallet and then exchanging them for fiat currency.
Because he also traded Bitcoin, Polish police suspect he made a further profit of around $20,000 in November 2017 simply by buying and selling the BTC collected from his ransomware operations.