MADRID - Spanish police and Europol have busted a global cybercrime operation that infected millions of computers with a virus that falsely accused victims of viewing child pornography and demanded a fine payment, officials said Wednesday.
The scam began when the virus infected the host computer, and showed this intimidating message. (Screencap by Malwaretips.com)
Police detained 11 people as part of the operation, including a 27-year-old Russian suspected of creating and distributing the virus, Europol director Rob Wainwright told a news conference in Madrid.
The virus locked computers in more than 30 countries, mostly in Europe, and it demanded payment of a fine of 100 euros (about 4,000 baht, $135) to return control to its user, he said.
The message generated by the virus used the logo of the national police force and the language of the country where the computer was based to accuse the victim of having viewed child pornography or pirated movies online, he added.
"This operation is the first major operation of its kind," Wainwright said.
"This is an example of the evolving nature of cybercrime online, of how cybercrime is becoming more sophisticated."
The authorities said the cybercrime group raised millions of euros with its scam but could not yet cite a precise amount.
They estimated that about three per cent of those whose computers were infected by the virus paid the fine that was demanded.
Europol said in a statement that it was "the largest and most complex cybercrime network dedicated to spreading police ransomware."
Police detained 10 people - six Russians, two Ukrainians and two Georgians - last week on Spain's Costa del Sol as part of the investigation, said Spain's secretary of state for security, Francisco Martinez.
The suspected author of the virus was detained while he was on holiday in Dubai in December, he added. He is currently awaiting extradition to Spain.
Of the 10 suspects detained in Spain, six have been remanded in custody while the investigation continues and the remaining four were released on bail.
They are accused of fraud, money laundering, forging documents and membership of an organised crime group.
The investigation remains open and further arrests are likely, police said.
The authorities began their investigation, dubbed "Operation Ransom", in November 2011 after detecting the virus in six European countries.
The network created 48 different versions of the virus to ensure that it was not detected by anti-virus software, said Martinez.
So-called "ransomware" viruses, which try to make victims pay an on-the-spot fine, are becoming more prevalent but most strains only accuse people of pirating movies or music. Others scramble data that is only unscrambled when a fee is paid.