The developer of Vortex, Polski and Flotera ransomware is arrested

by Linas Kiguolis - - 2018-03-21

The author of Flotera, Polski and Vortex ransomware, Tomasz T., has been charged with 181 crimes

Polski ransomware author is arrested

Law enforcement agencies from Poland have arrested Tomasz T. on Friday. Investigators believe that the Polish national, who is currently living in Belgium, is the developer of three infamous ransomware families — Polski, Vortex, and Flotera. The arrest took place in the Polish town, named Opole on Wednesday^[1].

Tomasz T. was taken into custody and charged with 181 different crimes. Although, authorities confirm that the suspect pleaded guilty and cooperated with the police agents. Nonetheless, the judge has already approved that the cybercriminal would be temporarily imprisoned for three months.

According to the official report, law enforcement says that it is believed that the suspect has infected thousands of computers worldwide. Although, most of the victims appeared to be located in Poland and the crook has earned more than $145 000 from the ransom payments^[2].

Tomasz T. is also known as Armaged0n in hackers' forums

Numerous people from Polish law enforcement groups have been tracking this cybercriminal. They have found the nickname of Tomasz which has been widely used in infamous HackForums portal — Armaged0n. The suspect is believed to be active since 2013 with the latter alternative name.

He first started his malicious activity when trying to receive illegal bank transactions with the help of the banking trojan. The software was designed to switch the original bank account number with the one of Tomasz and transfer money from the victim directly to his bank account.

Later in 2017, this cybercriminal decided to release a file-encrypting virus, named Polski ransomware^[3]. Unfortunately, one cyber threat followed another the suspect had distributed two other crypto-malware — Vortex and Flotera viruses. According to the IT specialists, one of the most successful cyber infections were Vortex ransomware which remained to lurk in the cyberspace until 2018.

Local authorities have collected the equipment and decryption keys

At the time of the arrest of Thomas, Polish police have contacted authorities in Belgium to search his apartment. They have seized his computer and other related equipment for the investigation. Luckily, IT professionals have managed to access the information stored in the systems and remote servers. Likewise, they obtained the decryption^[4] tools necessary for ransomware victims.

Now, Polish police are urging the victims of Polski, Vortex and Flotera ransomware to file official complaints^[5]. This way, the authorities will provide the keys which are vital for file decryption. People can successfully get back the compromised data and use their computers again.

About the author

Linas Kiguolis - Expert in social media

Linas Kiguolis is one of News Editors and also the Social Media Manager of 2spyware project. He is an Applied Computer Science professional whose expertise in cyber security is a valuable addition to the team.

Contact Linas Kiguolis
About the company Esolutions

References

^ Łukasz Łapczyński. Areszt wobec Tomasza T. – podejrzanego o 181 przestępstw związanych z rozsyłaniem złośliwego oprogramowania. Prokuratura Okręgowa w Warszawie.
^ Balaji N. 3 Dangerous Ransomware Families Author Arrested in Poland and Seized the All Decryption keys. GBHackers. Latest Hacking News, Kali Tutorials, Infosec.
^ Ugnius Kiguolis. Polski ransomware virus. How to remove? (Uninstall guide). 2Spyware. Security and Spyware News.
^ Decryption. Computer Hope. Free Computer Help.
^ Newsbite: Polish police arrest prolific ransomware cyber-criminal. SC Magazine. Breaking news on cybersecurity, cybercrime, industry insight and security product reviews.