Moldovan Police Arrest a 45-Year-Old Man Linked to Ransomware Attacks on Dutch Companies
May 13, 2025
A Significant International Arrest
In an impactful joint operation involving both Moldovan and Dutch authorities, a 45-year-old foreign man has been arrested in Moldova. This individual is accused of participating in a series of ransomware attacks targeting Dutch companies back in 2021. The arrest has broad implications, highlighting the collaborative efforts needed to combat international cybercrime.
Details on the Allegations
The arrested suspect is wanted internationally for a variety of cybercrimes, including ransomware attacks, blackmail, and money laundering. His operations specifically targeted Dutch entities, inflicting significant financial damage. One of the most notable incidents involved a cyberattack on the Netherlands Organization for Scientific Research, which reportedly caused damage amounting to €4.5 million. This incident was traced back to the notorious ransomware group known as DoppelPaymer.
In a statement from Moldovan police, they elaborated on the suspect’s criminal activities: “He is wanted internationally for committing several cybercrimes (ransomware attacks, blackmail, and money laundering) against companies based in the Netherlands.” According to their press release, the suspect was responsible for organizing the aforementioned attack on the Netherlands Organization for Scientific Research (NWO).
The Investigation and Evidence Seized
On May 6, 2025, Moldovan law enforcement conducted a thorough search of the suspect’s home and vehicle, seizing substantial evidence tied to his cybercriminal operations. This included €84,800 in cash, an e-wallet, laptops, a smartphone, a tablet, six bank cards, and several storage devices. The nature of the seized items underscores the sophisticated means by which cybercriminals operate.
A Closer Look at DoppelPaymer Ransomware
DoppelPaymer ransomware has been a prominent threat since its emergence in June 2019. Initially linked to BitPaymer, it is part of the broader Dridex malware family. Its operators frequently distribute this ransomware through phishing schemes and spam messages, aiming to compromise targets and extort financial payments.
DoppelPaymer employs a double extortion strategy, having launched a leak site in early 2020. Notably, between May 2019 and March 2021, victims in the U.S. alone reportedly paid over €40 million to these cybercriminals.
Authorities have connected at least 37 companies to DoppelPaymer attacks in Germany, with the University Hospital in Düsseldorf being one of the most significant victims. The coordinated international efforts to combat this ransomware have seen law enforcement agencies from various countries collaborate, illustrating the global nature of cybercrime.
Ongoing International Operations
March 2023 marked a pivotal moment in the fight against DoppelPaymer. Europol announced a collaborative operation that targeted key figures within the group, involving law enforcement from Germany and Ukraine, along with support from the U.S. FBI and the Dutch police. This international law enforcement effort aimed to dismantle the infrastructure behind large-scale cyberattacks.
From an operational standpoint, the actions taken by various law enforcement agencies reflect a growing recognition of the need for global cooperation in cybersecurity. The coordinated efforts to identify and apprehend core members of cybercrime organizations serve as a robust response to the ever-evolving landscape of digital threats.
Follow the Developments
The arrest of this suspect signifies an important milestone in addressing cybercrime on an international scale. The intricate web of ransomware activities underscores the importance of shared intelligence and collaboration between nations.
For those interested in staying updated on developments in cybersecurity, you can follow industry experts on social media platforms such as Twitter at @securityaffairs, or explore further articles on notable cybersecurity incidents.
Pierluigi Paganini remains a key voice in the discussion surrounding hacking and cybersecurity, offering insight into the complexities of digital crime across the globe. For further reading, explore his works on SecurityAffairs.