Five Individuals Arrested in Connection with Campaigns Involving CTB Locker and Cerber

Cybercriminals allegedly linked to two of the most infamous malware of recent years were arrested in Romania after the Romanian anticrime organization Directorate for Investigating Organized Crime and Terrorism (DIICOT), working with authorities from the Europol, the FBI, and various European police forces, caught five individuals with links to campaigns that distributed the CTB-Locker and Cerber ransomware.

The Critroni, or Curve-Tor-Bitcoin (CTB) Locker, first emerged back in 2014 as a ransomware variant that utilized the Tor network to mask its activity and hide from law enforcement agencies. On the other hand, Cerber emerged as an extremely persistent and ever-evolving malware that has added multiple features over the years to increase its effectivity.

The operation, dubbed as "Bakovia", involved the search of six houses in Romania, in which the investigators managed to retrieve laptops, hard drives, external storage devices, cryptocurrency mining devices, and documents. The the arrested individuals were allegedly involved with a group being charged for a variety of illegal acts, including unauthorized computer access and misuse of devices with the intent of committing cybercrimes, and blackmail. The investigation for the attacks started out as separate ones for individual campaigns involving the use of CTB Locker and Cerber, but were merged when the investigators discovered that the same group ran both campaigns.

Further details revealed that the suspects were allegedly not responsible for developing the malware they used for the attacks, but simply acquired them from the actual developers for a 30% cut of the profit. This Ransomware-as-a-Service (RaaS) scheme is also known as an affiliate program, which is a common service in the dark web.

The arrests further show that the threat actors behind the spread of malware often do not need advanced technical knowledge to pull off successful campaigns. The rise of RaaS and other cybercrime services allow dangerous malware to be easily accessible to anyone with the means and the motives. This means that users and organizations have to ensure the security of their systems and devices, as attacks are no longer limited to “professionals”.

Trend Micro Ransomware Solutions and Best Practices                                       

Users can refer to this entry on ransomware best practices to know more about how to prevent ransomware such as CTB Locker and Cerber from infecting their systems. Enterprises can benefit from a multi-layered approach in order to best mitigate the risks brought by these threats. Email and web gateway solutions such as Trend Micro™ Deep Discovery™ Email Inspector and InterScan™ Web Security prevent ransomware from ever reaching end users. At the endpoint level, Trend Micro Smart Protection Suites deliver several capabilities like high-fidelity machine learning, behavior monitoring and application control, and vulnerability shielding that minimize the impact of this threat. Trend Micro Deep Discovery Inspector detects and blocks ransomware on networks, while Trend Micro Deep Security™ stops ransomware from reaching enterprise servers–whether physical, virtual or in the cloud. 


Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.