The suspect, only identified by the initials B.B.A., second from left, is presented at a press conference at the headquarters of the National Police in South Jakarta on Friday. (Antara Photo/Reno Esnir)
Police Arrest Yogyakarta Man Who Used Ransomware Attacks to Amass 300 Bitcoins
OCTOBER 26, 2019
Jakarta. Police arrested a 21-year-old man in Sleman, Yogyakarta, on Friday for allegedly using malicious software to extort victims and steal financial data for personal gain.
Yogyakarta Police spokesman Senior Comr. Yuliyanto said the suspect, only identified by the initials B.B.A., sent phishing emails to at least 500 randomly selected addresses to spread ransomware, or software designed to block access to computer systems until a ransom is paid.
The suspect had reportedly been acting alone since 2014 and collected 300 Bitcoins, or equivalent to around Rp 31.5 billion ($2.25 million), Yuliyanto said.
He said the investigation started after a tipoff that the suspect had hacked the computer system of a company based in San Antonio, Texas.
The suspect allegedly also stole credit card data from internet users for personal gain. The National Police's cybercrime unit is investigating the case.
Yuliyanto said the Yogyakarta Police are assisting in the investigation and will forward evidence to the National Police headquarters in Jakarta.
"The evidence includes a Harley Davidson motorcycle and several computers. We will send these [to Jakarta]," he said. The suspect has been in custody in Jakarta since his arrest.
The suspect lived in a boarding house in Sleman for the past two years, Yuliyanto said, without providing further detail.
Senior Comr. Rickynaldo Chairul, head of the police's cybercrime investigation unit, said separately in Jakarta that the suspect had sent emails containing hyperlinks that directed unsuspecting recipients to his webmail server, which would then install ransomware on recipients' computer systems and prevent them from accessing their data.
In the case involving the US company, the suspect threatened to delete its data if it failed to pay the ransom within three days.
"The suspect demanded the ransom be paid in Bitcoin before restoring access to the victim's mail server," Rickynaldo said.
The suspect reportedly used the email address, firstname.lastname@example.org, in his communications with victims.
He faces up to six years in prison under the Electronic Information and Transactions Law.