According to information from Bayerischer Rundfunk (BR) and "Zeit Online", criminal prosecutors from the Baden-Württemberg State Criminal Police Office have identified a suspected mastermind behind the REvil ransomware.
The software is one of the most notorious programs for encrypting third-party data and then blackmailing victims.
In Germany, among other things, the State Theater Stuttgart, several medium-sized companies and hospitals are affected.
The suspect, Nikolay K., is said to be a Russian citizen who lives in a large city in the south of the country. According to the investigators, he "undoubtedly" belongs to the core group of REvil and its alleged predecessor GandCrab. The group rents its ransomware to other criminals and collects fees for it, a business model known as "ransomware as a service".
Reporters from BR and "Zeit Online" reportedly found evidence that the suspect received money said to have come directly from ransomware cases. The name K. uses on social networks can be found via a web search and leads to an e-mail address with which several websites have been registered. These in turn are linked to various Russian mobile phone numbers, one of which leads to a Telegram account on which a Bitcoin address was published. Bitcoins worth more than 400,000 euros were deposited to that address. Experts at a company specializing in blockchain analysis consider it highly likely that these deposits stem from extortion.
On social networks, K. presented himself as a cryptocurrency trader with a luxurious lifestyle, showing off expensive sports cars, designer clothes and luxury travel.
As long as he is in Russia, however, he cannot be arrested by German prosecutors.
Neither the investigating authorities, the Federal Criminal Police Office and the State Criminal Police Office of Baden-Württemberg, nor the Stuttgart public prosecutor's office wished to comment on the media's request.
The suspect did not respond to inquiries either.
According to Reuters, US authorities together with foreign partners recently hacked REvil's technical infrastructure.
The group's website has been offline since then.
The authorities' success has not yet been officially confirmed.
pbe / AFP