Author of Three Critical Ransomware Families Polski, Vortex, and Flotera Arrested in Poland
Tomasz T., a well-known cyber-criminal believed to be the author of the Polski, Vortex, and Flotera ransomware strains, was arrested in Poland on Wednesday, but Polish law enforcement announced the arrest only on Friday.
They said they had been tracking him for quite some time and were ready this time to go ahead with the arrest.
Tomasz T., a.k.a. Thomas or Armaged0n, a Polish citizen who lives permanently in Belgium, is responsible for conducting cyber-crime such as DDoS attacks, sending malicious software to compromise several computers, and using ransomware to encrypt files.
Working through Europol, the Polish police had alerted their Belgian counterparts, who then searched his house and seized computer equipment, a laptop and remote servers, along with encryption keys.
“Apparently, the suspect has been active since 2013, when he first started targeting users via a banking Trojan that would replace bank account numbers in users’ clipboards with one of his own, so as to receive undeserved bank transfers.”
– according to the prosecutors.
He spread this ransomware by email, impersonating official correspondence from well-known companies such as DHL, Zara, Cinema City, PayU, WizzAir and many more.
Online, Tomasz operated under the nickname “Armaged0n,” which he also used on the infamous Hack Forums cyber-crime portal.
The Polish tech news site Zaufana Trzecia Strona (ZTS) was the first to link the three ransomware strains to the Armaged0n persona, and it later tracked down an extensive email spear-phishing operation.
Armaged0n Hack forum profile
The police suspect that Tomasz infected thousands of users with ransomware and made over $145,000 from his criminal undertakings. ZTS, CERT Poland, security analysts, police, and the impersonated companies all worked together to track him down.
The Polish cybercriminal has been accused of various offenses, such as accepting and transferring funds from crimes, infecting computer systems with malware such as the Polski, Vortex or Flotera ransomware, and influencing automatic data processing for financial benefit. The decryption keys for all of these ransomware strains have likewise been collected from his system.
The suspect, questioned by the prosecutor, admitted to the 181 different crimes that he was charged with.
Nonetheless, after performing the procedural steps, the prosecutor filed a motion for his temporary detention for a period of three months.