Ransomware is malware that locks your computer and mobile devices or encrypts your electronic files. When this happens, you can’t get to the data unless you pay a ransom. To counter ransomware a free scheme called No More Ransom is helping victims fight back without paying the hackers. Europol has announced that a new No More Ransom website has been launched to mark the project’s fifth year. Modern and more user-friendly, the new home of the Crypto Sheriff offers updated information on ransomware, as well as advice on how to prevent a ransomware infection.
The decryptors available in the No More Ransom repository have helped more than six million people to recover their files for free. This prevented criminals from earning almost a billion euros through ransomware attacks. Currently offering 121 free tools able to decrypt 151 ransomware families, it unites 170 partners from the public and private sector. The portal is available in 37 languages.
Ransomware infections occur in different ways, such as through insecure and fraudulent websites, software downloads and malicious attachments. Anyone can be a target – individuals and companies of all sizes. For advice on prevention, read the prevention advice on the No More Ransom website.
The Tenth Meeting of the EAST Payments Task Force (EPTF) took place on Wednesday 7th July 2021. Due to the Covid-19 situation it was conducted as a virtual meeting and 18 EPTF members participated.
The EPTF is a specialist task force that discusses security issues affecting the payments industry and that gathers, collates and disseminates related information, trends and general statistics.
The meeting was chaired by Mr Rui Carvalho, EAST Development Director, and key representatives from Card Issuers, International Banks, Law Enforcement, Payment Processors and Solution Providers took part.
INTERPOL and Europol provided the law enforcement perspective, and short presentations were also made by Cartes Bancaires, Group-IB, ING Bank, JP Morgan Chase, LINK Scheme, MasterCard Members’ Association, PAN-Nordic Card Association, PSA, PLUSCARD, SIBs, tietoEVRY, Trend Micro and Worldline. Social engineering linked to non-banking fraud was reported as a rising issue.
The Group, which meets three times a year, adds value to the payments industry by using the unique and extensive EAST National Member and EAST Global Member platforms, and the Associate Member network, to provide information and outputs that are not currently available elsewhere.
EAST National & Global Members represent 35 countries and outputs from the group are presented to EAST Global Congress Meetings. There are 210 EAST Associate Member Organisations from 52 countries and territories.
An alleged prolific cybercriminal has been apprehended in Morocco following a joint two-year investigation by INTERPOL, the Moroccan police and Group-IB. Acting under the signature name of ‘Dr Hex’, the suspect is believed to have targeted thousands of unsuspecting victims over several years through global phishing, fraud, and carding activities involving credit card fraud. He is also accused of defacing numerous websites by modifying their appearance and content, and of targeting French-speaking communications companies, multiple banks and multinational companies with malware campaigns. He is alleged to have helped develop carding and phishing kits, which were then sold to other individuals through online forums to allow them to facilitate similar malicious campaigns against victims. These were then used to impersonate online banking facilities, allowing the suspect and others to steal sensitive information and defraud trusting individuals for financial gain – the losses of individuals and companies were then published online in order to advertise these malicious services.
Under Operation Lyrebird, INTERPOL’s Cybercrime Directorate worked closely with Group-IB and with Moroccan Police, via the INTERPOL National Central Bureau, in Rabat to eventually locate and apprehend the individual, who remains under investigation. INTERPOL Executive Director of Police Services Stephen Kavanagh said: “This is a significant success against a suspect who is accused of targeting unsuspecting individuals and companies across multiple regions for years, and the case highlights the threat posed by cybercrime worldwide. The arrest of this suspect is down to outstanding international investigative work and new ways of collaboration both with Moroccan police and our vital private sector partners such as Group-IB.”
Group-IB determined that the suspect was involved in attacks on 134 websites from 2009 to 2018, leaving behind his signature name on web pages. Its participation in the operation came under Project Gateway, an initiative which facilitates cooperation and information sharing between INTERPOL and private sector partners.
In May 2021 INTERPOL launched a new cyber operations desk to boost the capacity of 49 African countries to fight cybercrime. The Africa desk will help shape a regional strategy to drive intelligence-led coordinated actions against cybercriminals and support joint operations such as Lyrebird.
At a time of increasing cyber threats, members of the public, businesses and organisations are reminded to protect themselves from phishing attempts by following the advice showcased in INTERPOL’s #WashYourCyberHands and #OnlineCrimeIsRealCrime campaigns.
The EAST Payments Task Force (EPTF), which meets three times each year, focuses on the prevention of payment and transaction fraud.
EAST has just published its second Fraud Update for 2021. This is based on country crime updates given by representatives of 22 countries in the Single Euro Payments Area (SEPA), and 9 non-SEPA countries, at the 4th (virtual) EAST Interim Meeting held on 9th June 2021.
The following countries supplied full or partial information for this Update:
Armenia; Austria; Belgium; Brazil; Canada; Cyprus; Finland; France; Germany; Greece; Hungary; Ireland; Italy; Liechtenstein; Luxembourg; Mexico; Netherlands; Norway; Poland; Portugal; Romania; Russia; Slovakia; South Africa; Spain; Sweden; Switzerland; Turkey; Ukraine; United Arab Emirates; United Kingdom.
To date in 2021 the EAST Payments Task Force (EPTF) has published one related Payment Alert and the EAST Expert Group on All Terminal Fraud (EGAF) has published four related Fraud Alerts.
To date in 2021 the EPTF has published one related Payment Alert.
To date in 2021 the EPTF has published one related Payment Alert and EAST EGAF has published two related Fraud Alerts.
The full European Fraud Update is available to EAST Members (National, Global and Associate).
Information on the Fraud Definitions and Terminology used by EAST can be found as follows:
TERMINAL FRAUD DEFINITIONS
TERMINOLOGY FOR LOCATIONS OF CDC DEVICES AT ATMS AND OTHER TERMINALS
TERMINAL PHYSICAL ATTACK DEFINITIONS AND TERMINOLOGY
Law enforcement and judicial authorities in Europe, the US and Canada have seized the web domains and server infrastructure of DoubleVPN. This is a virtual private network (VPN) service which provided a safe haven for cybercriminals to attack their victims. DoubleVPN was used by ransomware groups.
Servers were seized across the world where DoubleVPN had hosted content, and the web domains were replaced with a law enforcement splash page. This coordinated takedown was carried out in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT).
DoubleVPN was heavily advertised on both Russian and English-speaking underground cybercrime forums as a means to mask the location and identities of ransomware operators and phishing fraudsters. The service claimed to provide a high level of anonymity by offering single, double, triple and even quadruple VPN connections to its clients. It was being used to compromise networks all around the world and its cheapest VPN connection cost as little as €22 ($25).
The coordinated takedown was led by the Dutch National Police (Politie), under the jurisdiction of the National Public Prosecutor’s Office (Landelijk Parket), with international activity coordinated by Europol and Eurojust. International cooperation was central to the success of this investigation as the critical infrastructure was scattered across the world.
- Europol’s European Cybercrime Centre (EC3) supported the investigation from the onset, bringing together all the involved countries to establish a joint strategy. Its cybercrime specialists organised over 30 coordination meetings and four workshops to prepare for the final phase of the takedown, alongside providing analytical and crypto-tracing support. A virtual command post was set up by Europol on the action day to ensure seamless coordination between all the authorities involved in the takedown.
- Eurojust facilitated the judicial cross-border cooperation and coordination, to ensure an adequate response in order to take down the network. For this purpose, since October last year Eurojust organised six dedicated coordination meetings, and it set up a coordination centre during the action day, during which the operation was rolled out on the ground by the various national authorities involved.
The EAST Payments Task Force (EPTF), which meets three times each year, focuses on the prevention of payment fraud. It has provided fraud definitions to be adopted globally when describing or reporting payment or terminal fraud. Ransomware is classified as a form of Data Compromise.
A fourth Interim Meeting of EAST National and Global Members took place on Wednesday 9th June 2021. Due to the Covid-19 situation, it was conducted as a virtual meeting. The meeting was chaired by Graham Mott from the LINK Scheme. The key focus was on the sharing of global, regional, and national, payment and terminal fraud intelligence.
Law enforcement overviews were provided by Europol, the Gulf Cooperation Council Police (GCCPOL), the United States Secret Service (USSS) and INTERPOL. Two presentations were made by Europol: one from the European Cybercrime Centre (EC3) covered recent successful cross-border operations; the other covered Physical ATM attacks across Europe. The GCCPOL presentation covered payment and fraud issues seen by their 6 member countries, focussing on Technological Fraud (crimes committed using different forms/types of machines and technology) and Non-Technological Fraud (conducted directly against the victim). The USSS presentation covered US Fraud Trends (2020/2021), along with prevention/detection techniques, and the INTERPOL presentation covered recent issues relating to financial crimes, money laundering, and asset tracing.
Private sector fraud intelligence updates were received from 31 countries, either directly or via regional/global updates by Citi, HSBC and Worldline. Each update covered Fraud Types, Fraud Origin, Due Diligence and Physical Attacks (ATM, ATS and CIT). A key issue, highlighted by most of the countries, continues to be the importance of raising consumer awareness to counter the rising threats related to social engineering.
EAST Fraud Update 2-2021 will be produced during July, based on the country updates provided at the Interim EAST Meeting. EAST Fraud, Payment and Physical Attack Updates are available on the EAST Intranet to EAST Members.
The next meeting of this group, scheduled for 6th October 2021, will also be a virtual Interim meeting. The 1st EAST Global Congress is now scheduled to be held in February 2022, dependent on the prevailing status of the Covid-19 pandemic.
The 23rd Meeting of the EAST Expert Group on All Terminal Fraud (EGAF) took place on Wednesday 12th May 2021. Due to the Covid-19 situation, it was conducted as a virtual meeting and was chaired by Otto de Jong of ING Bank.
The meeting was attended by 28 key representatives from Terminal Deployers, Terminal Vendors, Networks, Card Schemes, Security Equipment and Software Vendors, Law Enforcement and Forensic Analysts.
EAST EGAF, which meets three times a year in advance of each of the meetings of EAST National and Global Members, enables in-depth and technical discussion to take place on Logical and Malware attacks, Card Data Compromise and other issues relating to terminal fraud.
Presentations were made by Europol, INTERPOL, Swedish Police, Damage Control Mexico, and Diebold Nixdorf.
Experts from the following organisations also contributed to the meeting: Bits A/S, BVK, Cennox, GMV, Mastercard, NatWest Group, NCR, PSA, KAL, Santander Bank, TietoEVRY, TMD Security, and TrendMicro.
The meeting approved a list of recommended Countermeasures against ATM Malware and Black Box attacks, which will be shown, as applicable, in future EAST Fraud Alerts.
EAST EGAF generates EAST Fraud Alerts for all EAST Members (National, Global and Associate). In total 260 EAST Fraud Alerts have been issued as can be seen in the table below.
On 11 May 2021, a large criminal network involved in investment fraud and money laundering was dismantled as a result of a cross border operation supported by Europol and Eurojust. This was a large-scale online investment fraud network with hundreds of victims across Europe.
LAW ENFORCEMENT ACTION
The investigation, led by Germany, involved law enforcement and judicial authorities from Bulgaria, Israel, Latvia, North Macedonia, Poland, Spain and Sweden. The final results were:
- 11 arrests (5 in Bulgaria and 1 in Israel on the action day and 5 previously in Spain)
- 12 locations were searched in Bulgaria, Israel, Poland, North Macedonia and Sweden
- Seizures included numerous electronic devices, real estate, jewellery, high-end vehicles and approximately €2 million in cash
- Bank accounts have also been frozen
Europol supported the operation by facilitating information exchange and providing analytical support and operational coordination. During the action day, Europol experts cross-checked operational information in real-time against Europol’s databases to provide leads to investigators in the field.
HOW THE INVESTMENT FRAUD WORKED
The criminal network, organised mainly by Israeli nationals, created different, professional-looking online trading platforms advertising substantial profits from investments in high-risk options and cryptocurrencies. The victims were targeted through advertisements in social media and search engines. The criminals posed as experienced brokers when contacting the victims via the call centres they had set up, operating from Bulgaria and North Macedonia. They used manipulated software to show the gains from the investments and to encourage the victims to keep investing.
Victims across Europe are estimated to have lost at least €30 million to the fraud. Victims in Germany suffered at least €7 million of these losses, while 300 complaints were filed in Spain. The suspects laundered the illegal profits through bank accounts controlled or owned by shell companies based in different EU countries.
The EAST Payments Task Force (EPTF), which meets three times each year, focuses on the prevention of payment fraud. It has provided fraud definitions to be adopted globally when describing or reporting payment or terminal fraud. Investment Fraud is classified as a form of Technological Fraud (Attacks against Technology).
EAST Development Director Rui Carvalho presented at the ATEFI Security Committee on 30th April 2021, a virtual event. The impact of the Covid-19 pandemic has made it more important than ever for the sharing of threat intelligence to strengthen security strategies in Electronic Payments. The event focussed on both physical and cyber security. Rui shared key information and statistics from the latest EAST Payment Terminal Crime Report, as well as insights from the 9th Meeting of the EAST Payments Task Force (EPTF) held on 14th April 2021. He covered:
- ATM Malware & Logical Attacks
- Terminal Related Fraud
- ATM Physical Attacks
- Payment Fraud (social engineering, ransomware, e-skimming)
The event was attended by public officials, law enforcement agencies, regulatory entities, representatives of international organisations, Managers and Network Security Officials, ATEFI Members from the entire LATAM region and Spain, as well as bank officials, representatives of the Latin American Bank Associations, Credit and Debit Card executives, and specialised media.
ATEFI is the Latin American Association of Operators Electronic Funds Transfer and Information Services and represents 20 ATM networks in 14 countries throughout Latin America.
In May 2016 EAST and ATEFI joined forces in order to further strengthen cross border cooperation in combating all types of payment crime including payment card fraud, hi-tech crime and ATM cyber and physical attacks.
The Covid-19 pandemic continues to impact on how people live their lives and, as a result of the many lockdowns, habits are changing. One area where change is being seen is in cash usage. From January to April 2021 EAST ran an online research poll which asked the question “In which, if any, of the following ways do you think the outbreak of Covid-19 will affect your use of cash in the next six months?”:
- I will use less cash
- I will use contactless/mobile payments more (e.g. Apple Pay, Google Pay etc)
- I will do more shopping online
- I will use card payments more
- I will use ATMs / cash machines less frequently
- I don’t think coronavirus will affect my use of cash in the next six months
- I will take more hygiene precautions when using cash (storing it for longer periods, washing it, using gloves to handle it etc)
- Don’t know
The final results were as follows (nobody ticked that they will take more hygiene precautions when using cash, or that they don’t know). Over the next 6 months:
- 84% of all the respondents will use less cash,
- 69% will use contactless / mobile payments more,
- 67% will do more shopping online
- 52% will use cards more
- 35% will use ATMs / cash machines less frequently
- and only 16% of the respondents don’t think that the Covid-19 pandemic will affect their use of cash.
These results are consistent with our previous poll, which looked at Covid-19, Cash and the future of payments.