December 05, 2016
Russian authorities have arrested a man suspected of writing and distributing ransomware. The suspect, whose name hasn't been released yet, goes by the nickname of Pornopoker.
Authorities arrested Pornopoker at the Domodedovo International Airport near Moscow, after the suspect had returned from Thailand, where police said he was hiding.
Members of Russia's Interior Ministry said the suspect is 40-years-old and is from Volgograd, a city in southeast Russia.
Ministry officials also said Pornopoker worked with an accomplice, which they've already arrested, but not provided any other details.
Crook created police-themed ransomware
According to police, Pornopoker had created ransomware that locks users' computers with a message perpetrating to be from Russian authorities, such as the police (MIA), secret service (FSB), or the Federal Bailiff Service.
The messages told users they had to pay a fine for watching pornographic materials. Paying the fine would also give users access back to their computers.
Below is a video of Pornopoker's arrest.
This week, Europol, the FBI, the NCA, and several law enforcement agencies across the globe brought down a massive malware distribution infrastructure, codenamed Avalanche.
The investigation into this massive cyber-crime operation started in 2012 because of a ransomware family named Ransomlock.P that also showed fake messages pretending to be from the police (German police, in this case).
Apparently ransomware authors haven't gotten the memo that there's no quicker way to draw the police's interest than posing as the police.