Moldovan Authorities Arrest Suspect in €4.5M Ransomware Attack on Dutch Research Agency
Moldovan law enforcement has arrested a 45-year-old foreign national suspected of orchestrating a significant ransomware attack on the Netherlands Organization for Scientific Research (NWO) in 2021, resulting in damages estimated at €4.5 million.
Details of the Arrest
The suspect was apprehended on May 6, 2025, following a coordinated operation between Moldovan authorities and Dutch law enforcement. A search of the individual’s residence and vehicle led to the seizure of €84,800 in cash, an electronic wallet, two laptops, a mobile phone, a tablet, six bank cards, and multiple data storage devices.
The individual is currently in custody as Moldovan prosecutors initiate extradition proceedings to the Netherlands, where the suspect faces charges related to ransomware attacks, blackmail, and money laundering.
The 2021 NWO Ransomware Attack
In February 2021, the NWO suffered a ransomware attack attributed to the DoppelPaymer group. The incident forced the organization to shut down its grant application system, significantly disrupting operations. After the NWO refused to pay the ransom, the attackers leaked stolen internal documents online.
About DoppelPaymer Ransomware
DoppelPaymer is a ransomware variant that emerged in 2019, believed to be based on the BitPaymer ransomware. It has been used in attacks against various organizations worldwide, including Foxconn, Kia Motors America, and Newcastle University. The group is known for exfiltrating data before encryption and threatening to publish it if ransoms are not paid.
International Efforts Against Cybercrime
This arrest underscores the importance of international collaboration in combating cybercrime. Law enforcement agencies across Europe have been actively pursuing members of ransomware groups like DoppelPaymer, leading to multiple arrests and disruptions of their operations.
The Moldovan authorities’ swift action in this case reflects a growing commitment to addressing the global threat posed by cybercriminals.
Leave a Reply