DoppelPaymer ransomware suspect arrested



Moldovan authorities have arrested a 45-year-old foreign national suspected of carrying out a major ransomware attack against the Dutch Research Council (NWO) in 2021.

The arrest took place on 6th May.

The Moldovan Police, in coordination with the country’s Centre for Combating Cybercrimes and law enforcement authorities in the Netherlands, executed a targeted search of the suspect’s residence and vehicle.

During the operation, investigators seized a range of items believed to be tied to illicit activities, including an electronic wallet, €84,800 in cash, two laptops, a mobile phone, a tablet, six bank cards and several data storage devices.

According to a press release issued Monday, the suspect remains in custody as Moldovan prosecutors begin the extradition process to the Netherlands.

Authorities allege that the individual was responsible for the 2021 cyberattack on the NWO, which led to an estimated €4.5 million in damages.

The incident forced the council to shut down its grant application system, significantly disrupting operations.

The attack came to light on 14 February 2021, when the NWO publicly disclosed the breach. Ten days later, after the council refused to comply with ransom demands, the attackers published stolen internal documents on DoppelPaymer’s dark web leak site.

DoppelPaymer, a ransomware operation that emerged in mid-2019 following a splintering of the Russian-speaking Evil Corp cybercrime syndicate, quickly gained notoriety for its aggressive extortion tactics.

The group often exfiltrated sensitive data before encrypting systems, pressuring victims by threatening to leak or destroy files.

According to a 2020 FBI private industry alert, the operators in many cases made follow-up phone calls to victims to intensify pressure for ransom payments.

The group, believed to have rebranded multiple times under names like “Grief” and “Entropy,” has targeted high-profile companies and institutions globally. Victims have included tech giant Foxconn, Kia Motors America, Pennsylvania’s Delaware County, Compal Electronics and Newcastle University in the UK.

In March 2023, law enforcement agencies targeted two other individuals thought to be core members of the DoppelPaymer operation, issuing international arrest warrants for three additional suspects.

Meanwhile, European authorities continue to dismantle the ransomware gangs’ networks, which have been linked to a series of disruptive and costly attacks on critical infrastructure and multinational corporations.

Last week, Irish authorities handed down a two-year prison sentence to a 43-year-old man found guilty of operating a website that facilitated the sale of malware, ransomware and stolen financial data.

Earlier in May, Polish police successfully detained four individuals accused of running illicit DDoS-for-hire services, which were reportedly used to disrupt websites and servers on a global scale.

Adding to this wave of law enforcement action, Ukrainian authorities last month dismantled a criminal network that defrauded Latvian citizens of over $145,000 through elaborate fake cryptocurrency investment schemes operated from call centres located across Ukraine.


