Moldovan authorities have detained a 45-year-old foreign national linked to a 2021 ransomware attack on Dutch organizations, including a €4.5 million assault on the Netherlands Organization for Scientific Research (NWO). The suspect, accused of cybercrimes such as ransomware, blackmail, and money laundering, was arrested following a search of his Moldova residence. Police seized €84,000 in cash, an electronic wallet, two laptops, a mobile phone, a tablet, six bank cards, two storage devices, and six memory cards.
The February 2021 attack, attributed to the DoppelPaymer ransomware group, compromised NWO’s network drives, blocked document access, and led to the leak of stolen files after the organization refused to pay the ransom. DoppelPaymer, active since June 2019, shares similarities with BitPaymer ransomware in its code and operations.
In 2023, German and Ukrainian authorities targeted DoppelPaymer’s core members, with Germany issuing warrants for three alleged leaders: Igor Olegovich Turashev, Igor Garshin, and Irina Zemlianikina. The investigation into the suspect’s activities continues as international efforts to combat ransomware intensify.