Italian State Police, working in collaboration with French and Romanian law enforcement agencies, have successfully identified and dismantled a dangerous cybercriminal organization known as “Diskstation” that specialized in ransomware attacks targeting businesses across multiple sectors.
The complex international investigation, coordinated through EUROPOL, resulted in the arrest of several Romanian nationals and exposed a sophisticated criminal network that paralyzed victims’ IT systems while demanding substantial cryptocurrency ransoms.
The investigation originated from a series of complaints filed by numerous companies operating in Lombardy, whose IT systems had been encrypted by the cybercriminal group, effectively paralyzing their production processes.
The attacks forced victims to pay hefty ransoms in cryptocurrency to regain access to their data and resume normal operations.
The Cybersecurity Operations Center in Milan, coordinated by the Postal Police and Cybersecurity Service, spearheaded the technical investigation using advanced forensic analysis techniques.
Investigators employed a two-pronged approach to track down the perpetrators. The first phase involved comprehensive forensic analysis of the computer systems targeted by the hacker group, while simultaneously conducting thorough blockchain examinations to trace cryptocurrency transactions.
This technical analysis revealed the sophisticated nature of the criminal operation and provided crucial evidence that would later support the international expansion of the investigation.
The findings from this initial phase demonstrated the need to broaden the investigative scope beyond Italian borders, leading to the establishment of an international task force under EUROPOL coordination.
The technical evidence gathered during the forensic analysis proved instrumental in building the case against the suspects and understanding their operational methodology.
Diskstation Ransomware Gang
The investigation’s scope expanded internationally when evidence pointed to perpetrators operating from multiple countries.
EUROPOL coordinated the formation of a specialized task force involving national police forces from France and Romania, all committ to identified those responsible for the “Diskstation” attacks.
This international collaboration proved essential in tracking down the criminals who had been operating across national boundaries.
The victims of these attacks included professionals and companies from diverse sectors, including graphic design, film production, event organization, and non-profit organizations engaged in international civil rights protection and charitable activities.
The wide range of targeted sectors demonstrated the indiscriminate nature of the ransomware attacks and the significant economic impact on legitimate businesses.
The breakthrough came in June 2024 when coordinated searches were conducted in Bucharest at the suspects’ residences.
Milan’s COSC operators participated in these operations, which not only confirmed the investigators’ hypotheses but also resulted in catching several individuals in the act of committing crimes. The searches yielded substantial evidence supporting the criminal charges.
Criminal Charges Filed
Given the severity of the crimes and the dangerous nature of the individuals involved, the investigating judge at the Court of Milan, responding to prosecutors’ requests, ordered pre-trial detention for the main suspect.
The 44-year-old Romanian citizen faces serious charges including “Unauthorized Access to a Computer or Telematic System” and “Extortion” related to attacks against numerous Italian victims.
The effective operational synergy between international law enforcement agencies led to the identification of several Romanian nationals involved in various capacities within the complex criminal network.
The investigation’s success demonstrates the importance of international cooperation in combating sophisticated cybercrime operations that transcend national borders.
The case emphasizes that criminal responsibility, in accordance with the presumption of innocence, can only be definitively established through an irrevocable conviction following the completion of legal proceedings.
This landmark case represents a significant victory in the ongoing battle against ransomware operations targeting critical business infrastructure.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.
.webp?w=356&resize=356,220&ssl=1 "Microsoft Teams Blocking Users from Accessing Embedded Office Documents")
