During the first year of the EU Cybercrime Center “we have only seen the tip of the iceberg”

Commissioner for Home Affairs Malmström: “Criminal behaviour is changing fast; we must be able to keep up with it.” The latest frontier, ‘Police Ransomware’: a malware restricting access to a computer, demanding a ransom for the restriction to be removed

From the ‘old good’ credit card, fraud to more sophisticated ones, such as the restricted access to a computer that can be ‘set free’ only after paying a ransom to the creator of the malware infecting it. The European Cybercrime Center (EC3) had to face the most diverse cybercrimes, causing millions of euro in loss to European citizens and economic system, during its first year of activity. “Criminal behaviour is changing fast, exploiting technological developments and legal loopholes (…) and we must be able to keep up with them,” said Commissioner for Home Affairs Cecilia Malmström, during the press conference following the presentation of the EC3 Report. “The European Cybercrime Centre has already earned well-deserved fame amongst law enforcement agencies, she added. “For sure it cannot solve all the problems,” admitted Commissioner Malmström, “but it is part of the answer, and in any case it has enormously helped Member States.”

The EC3 supports and coordinates operations and investigations conducted by Member States’ authorities, and this activity has led to several major operations against cybercrime in the last 12 months.

First, one operation led to the arrest of 29 suspects who had made a 9m euro profit by compromising the payment credentials of 30,000 credit card holders. Then, another operation resulted in the arrest of 59 persons, part of a network that produced devices and software to manipulate PoS terminals, affecting bank/credit cardholders. Other two operations resulted in the arrest of 117 criminals that used credit card details stolen from cardholders for buying airline tickets. Most of the travels were connected to criminal activities. Currently, nine large child sexual exploitation police operations are followed by the EC, and another operation was related to so-called Police Ransomware – a type of malware that blocks the victim’s computer, accusing the victim of having visited illegal websites containing child abuse material or other illegal activity. Criminals request the payment of a “fine” to unblock the victim’s computer, making the Ransomware look as if it comes from a legitimate law enforcement agency. Cybercriminals convince the victim to pay the ‘fine’ of around €100; 13 arrests were made, mainly in Spain, following the investigations.

“I am proud and satisfied with our results so far (…) however we cannot rest on our laurels,” said Troels Örting, Head of the EC3, in fact “We have only seen the tip of the iceberg.”