Moldovan Police Arrest Ransomware Suspect Tied to €4.5M Damage in the Netherlands
Netherlands, Tuesday, 13 May 2025.
Moldovan authorities arrested a man linked to DoppelPaymer ransomware attacks on Dutch firms, causing €4.5M in damages. The arrest underscores Europe’s ongoing fight against cybercrime.
Major Arrest in International Cybercrime Operation
On May 6, 2025, Moldovan authorities apprehended a 45-year-old foreign national in a significant cybercrime breakthrough [1]. The suspect, whose identity remains undisclosed, was arrested for orchestrating multiple ransomware attacks against Dutch companies, including a devastating attack on the Netherlands Organization for Scientific Research (NWO) that resulted in approximately €4.5 million in damages [2][3].
Substantial Evidence Seized
During the raid, law enforcement officials recovered substantial evidence, including an electronic wallet containing €84,800, multiple electronic devices, and various data storage equipment [1]. The seized items included two laptops, a mobile phone, a tablet, six bank cards, and multiple memory storage devices [2]. This operation represents a collaborative effort between Moldovan prosecutors, the Moldovan Center for Combating Cybercrime, and Dutch law enforcement authorities [6].
DoppelPaymer Connection and Previous Operations
The suspect is linked to the notorious DoppelPaymer ransomware group, which gained notoriety for its sophisticated system compromise techniques [6]. In the February 2021 attack on NWO, the perpetrators blocked network drives, made documents inaccessible, and exfiltrated sensitive files [1]. The organization steadfastly refused to pay the ransom demanded, leading to the public release of stolen data [1]. This arrest follows previous enforcement actions in February 2023, when German and Ukrainian authorities conducted raids targeting core members of the DoppelPaymer group [6].
Legal Proceedings and International Cooperation
The suspect currently remains in custody in Moldova, with extradition proceedings to the Netherlands pending [6]. The individual faces multiple charges, including ransomware attacks, extortion, and money laundering [2]. This case highlights the increasing effectiveness of international law enforcement cooperation in combating cybercrime, following recent successful operations against various cybercriminal groups across Europe [2].