Dutch Police Arrest Three Ransomware Actors Demanding €2.5 Million

By   Adeola Adegunwa
Writer , Informationsecuritybuzz | Feb 24, 2023 03:24 am PST

Dutch police detained three individuals on suspicion of hacking into businesses’ computer systems, extorting their management, issuing threats, and dealing in stolen data. The criminals allegedly damaged property worth millions of euros. Tens of millions of people’s private information was taken, including millions in the Netherlands.

Names, addresses, phone numbers, dates of birth, credit card numbers, bank account numbers, passwords, license plate numbers, citizen identification numbers, and passport information are among the stolen data. Various kinds of enterprises were impacted, including social media companies, online stores, training and educational facilities, hotel firms, and software providers.

The victims paid as much as 700,000 euros in some situations. The primary suspect was revealed to be a 21-year-old from Zandvoort who was reportedly cooperating with an 18-year-old from Rotterdam. They were held in restrictive custody and only permitted contact with their attorneys. According to Dutch police, an 18-year-old without a definite address was also taken into custody in Naaldwijk. Based on the authorities, they were detained on January 23.

The arrests were unable to be made public prior to Thursday due to the limitations placed on them and to protect the integrity of the investigation. The Zandvoort guy was found in possession of 45,000 euros in cash and 550,000 euros worth of bitcoin. According to the authorities, he reportedly used bitcoin to launder 2.5 million euros.

Dutch Police Says Bitcoin Used To Launder €2.5 Million

These detentions were connected to the detention of an Almere resident, 25, in the latter part of last year. He was detained on suspicion of cybercrime after being discovered in possession of personal information from Gebühren Info Service GmbH, which manages broadcast costs in Austria. According to Dutch authorities, the information of all Austrian residents was probably among the stolen data that was sold.

The investigation revealed on Thursday was started by the Amsterdam police cybercrime division about two years ago when a sizable, unnamed Dutch corporation reported data loss. According to investigators, the company stated it also received threats. It was discovered during the investigation that “possibly thousands of small and major enterprises and institutions.

Both domestic and foreign have been impacted by computer incursion – hacking – in recent years, and subsequently stolen,” leading to the sale of the data. Due to this theft and exchange, “tens of millions of privacy-sensitive personal data entered into the hands of criminals,” according to authorities.

Once the companies’ data had been accessed, they would start receiving threatening emails with an extortion attempts requesting bitcoin payment. If their demands were not met, the suspects threatened to harm the organization’s digital infrastructure or make the stolen material available to the public.

“Many businesses felt obligated to pay in the hopes of having their data protected. The overall cost to the businesses is in the millions. As far as is known, each company faced a ransom demand of over 100,000 euros, peaking at over 700,000 “the police claimed.

According to police, the stolen data was frequently sold even when the companies paid for it. Also, the accused hurt the organizations’ reputations and directly caused financial losses. On a personal level, many people suffered as well. For instance, a victimized corporate employee described to the police how he continuously worries that the stolen data would still be sold and how speaking to the police makes him fear for his safety.


The Amsterdam cybercrime police unit has detained three individuals for using ransomware to extort small and large businesses across international borders, generating €2.5 million. The suspects, all male teenagers between the ages of 18 and 21, are accused of collecting private information from victim networks and holding them for ransom. They allegedly attacked thousands of businesses. Examples of the victims are online stores, software companies, social media platforms, and organizations tied to vital infrastructure and services.

Depending on how big the company is, attacked, the threat actors demanded anywhere from €100,000 to €700,000. The extortion included threats to disclose the data or take down the business’s digital infrastructure. It’s unclear whether the hackers grabbed data and threatened to disclose it unless the victim paid a ransom or if they encrypted information during the attacks. According to the Dutch authorities, the hackers continued to sell the stolen material online even after the victims paid the ransom.

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x