Moldovan law enforcement has apprehended a 45-year-old foreign man alleged to be involved in a series of ransomware attacks that targeted Dutch companies in 2021. The arrest was announced on May 13, 2025, as authorities revealed that the suspect is wanted on international charges for committing multiple cybercrime offenses, including ransomware attacks, blackmail, and money laundering against entities in the Netherlands.
During the operation, police seized more than €84,000 ($93,000) in cash, along with various technological devices, including laptops, a mobile phone, and several bank cards. The suspect’s identity has not been disclosed, but officials confirmed that he was detained following a search of his residence in Moldova.
Notably, the suspect is accused of orchestrating a ransomware attack on the Netherlands Organization for Scientific Research (NWO) in February 2021, which resulted in considerable financial damage estimated at approximately €4.5 million. The attack led to the leak of confidential documents after NWO refused to comply with the ransom demand. The NWO stated that the attacker had successfully blocked network drives and rendered critical documents inaccessible.
The attack was attributed to a group known as DoppelPaymer, a ransomware family believed to have emerged in 2019. This group has been responsible for various high-profile cybercrimes, prompting international law enforcement actions. In March 2023, authorities in Germany and Ukraine targeted suspected members of the DoppelPaymer group, leading to arrest warrants for several individuals linked to the organization.
As cybercrime continues to pose serious threats to organizations globally, this arrest highlights the ongoing efforts by law enforcement agencies to combat such illegal activities and bring perpetrators to justice.