
Washington, D.C. police computers used by two Romanians to operate ransomware campaign

The U.S. Secret Service has filed a complaint against two Romanian nationals for allegedly compromising more than 100 Washington, D.C. police computers in order to spread ransomware.

Mihai Alexandru Isvanca and Eveline Cismaru were named in the complaint filed in U.S. District Court, District of Columbia, for allegedly taking control of 123 out of 187 Metropolitan Police computers, with the intention of using them to send malicious emails containing ransomware. The computers controlled the majority of the outdoor surveillance cameras used by the police in the city, according to the complaint.

The Secret Service says it learned of the hack on January 12, 2017, when the computers connected to individual cameras went offline. Further investigation of the affected computers found that an unauthorized person was operating the computer and had installed and was running programs not authorized by the police department. This included evidence of Cerber ransomware being distributed by at least one specific unit.

It is not known how long the ransomware operation ran.

Another police computer was found spreading the Dharma ransomware. Multiple Gmail accounts were also found on the machines, most likely being used to send the malspam.

“Those email accounts, in turn, reflect not just the ransomware scheme, but in various ways (and through related accounts and activity) ultimately identify Isvanca and Cismaru as the participants in the conspiracy, including by leading back to email and other online accounts in their own names,” Secret Service Special Agent James Graham noted in the complaint.

This is the second time this month that the U.S. Secret Service has been involved in tracking down Romanian hackers. On Dec. 20, SC Media reported the agency helped Romanian and other international law enforcement agencies track down and arrest five Romanian citizens for operating a ransomware scam.
