Two Dutch men were arrested Monday in connection with a ransomware scheme that allowed them to lock up at least 1,500 Windows-based devices around the world.
The two men, ages 18 and 22, allegedly created their malware, CoinVault, and began their campaign in November 2014. They reportedly stopped in April 2015, at which point a new strain was detected, according to a Kaspersky Lab press release.
That same month, Dutch police teamed up with the cybersecurity company to create a website of decryption keys, thereby allowing victims to avoid paying the ransom.
Meanwhile, Panda Security and Kaspersky collaborated to analyze malware samples that ultimately led to the arrests.
Jornt van der Wiel, security researcher at Kaspersky, noted that an April 2015 malware sample contained “flawless Dutch phrases.” Saying Dutch is a difficult language to write without errors, the company suspected a connection with the Netherlands.