Today, we have some important news to share with you. Our friends in the Technological Investigation Brigade of Spain’s National Police, together with Europol and Interpol, have dismantled the cyber-crime ring responsible for the “Police Virus”. According to the news release published by Spain’s Ministry of Home Affairs, the police have arrested ten members of the computer hacking group, responsible for taking in around 1 million euros per year from victims of their scams. The arrested people include six Russians, two Ukrainians and two Georgians, all of them living in Spain.

The head of the gang – a citizen of Russian origin – was also arrested in the operation. Oddly enough, and despite his origin, he was arrested in Dubai while on vacation, and awaits extradition to Spain. The operation remains open and more arrests could be forthcoming.

In any event, and before we all start celebrating, it must be said that in our opinion, based on our research of the Police Virus, there is more than one group behind the attacks. We’ve reached this conclusion after having studied multiple variants of this malware over time and having detected numerous striking differences among them.

Here on this blog we have posted several reports on the Police Virus and its evolution over time. This evolution is absolutely normal and it doesn’t necessarily mean that there are various teams behind the attacks, as it is quite normal for cyber-criminals to try different techniques to infect as many people as possible.

However, there is other evidence to the contrary: We saw how certain techniques that had apparently been abandoned (like the encryption of files on the victim’s computer) were suddenly put to use again; or how different variants used completely different techniques to achieve the same results (display a fake police warning on screen). All the evidence seems to indicate that we are dealing with different projects.

This wouldn’t be too surprising after all. If you analyze the situation from a purely commercial point of view, it would be something like this: someone comes up with a money-making idea, and others copy it quickly to get the same results. It happens all the time. In this particular case, it seems that there are different gangs ‘in the same line of business’.

Another clear piece of evidence of this is the fact that the attacks keep repeating, even at this very minute: there are new Police Virus infections asking for their €100 fine. Here are a couple of screenshots of two new variants we detected a couple of minutes ago as I was typing these lines:

[Screenshot: Poli1]

[Screenshot: Poli2]

Anyway, this is still good news for everyone: another cyber-crime ring has been dismantled, and law enforcement agencies around the world keep making progress towards defeating the cyber threat.