Rex Mundi hacking extortion gang busted by Europol

Graham Cluley

Rex Mundi

Rex Mundi

There’s so much bad news about computer security that we sometimes forget to applaud when something good happens.

Let’s change that right now.

Europol has announced the arrest last month of a 25-year-old French man in Thailand, as part of a year long investigation into a notorious gang of hackers and extortionists.

The gang, known as Rex Mundi, has been operating since at least 2012.

As Bleeping Computer reports, Rex Mundi made a name for itself hacking into corporations to steal data, and then blackmailing victims by threatening to release the sensitive information.

Victims of Rex Mundi included Dominos Pizza, which refused to pay a ransom after the the personal details of some 650,000 customers were stolen by the hackers.

The hackers created a website on the dark web for the purposes of disseminating data that they had stolen.

Rexmundi site

In a statement, Europol detailed an attempted extortion last year which ultimately resulted in the arrest of gang members:

In May 2017 a British-based company was the victim of a cyber-attack during which a large amount of customer data was compromised. The attack was immediately claimed by an organisation called Rex Mundi.

A few days later, the company received a phone call from a French-speaking person explaining that he was a member of Rex Mundi. This person shared a large number of credentials with the company to prove that they had access to the data.

The corporate victim was told that they would have to pay almost EUR 580,000 to prevent customer data from being disclosed, or EUR 825,000 for information on how the hackers breached security. To increase pressure further, the company was told that for every day that it failed to pay, there would be an additional ransom of EUR 210,000.

All payments were to be made in Bitcoin.

The unnamed British firm contacted the UK’s Metropolitan police, who worked with French high-tech crime police and Europol. Within an hour, Europol man aged to link the available information to a French national.

French authorities arrested five people in June 2017. The main suspect admitted his involvement in the extortion, but said he had hired someone else via the dark web to carry out the hack itself.

French Police went on to arrest two hackers in France in October 2017, and the final piece of the jigsaw, also a French national with coding skills, was arrested on 18 May by the Royal Thai Police under a French international arrest warrant.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET EMAIL UPDATES