The ATM Malware Gang Slowly Dismantled by British Police

London Police is slowly dismantling an ATM malware gang operating out of Romania, which British authorities say is responsible for stealing £1.6 million ($2 million) from UK cash machines.

The gang’s biggest heist, which was also the one that drew the attention of UK authorities, took place over the 2014 May Bank Holiday weekend when the crooks stole £1.3 million ($1.65 million).

The group hit 51 ATMs across Bognor Regis, Brighton, Liverpool, London, and Portsmouth.

The gang operated by infecting the cash machines with malware that allowed them to withdraw large sums of money. Police say the malware had a particular feature that allowed it to delete itself to hide its tracks.

The group scouted ATMs in advance to discover improperly-protected cash machines that they could break in and infect with their malware.

Police got lucky when the group was careless, and one member was recorded by a hidden ATM surveillance camera.

The suspect was identified and arrested in late 2014. His name is Grigore Paladi, a Romanian national, and in February 2015, a UK judge sentenced him  to five years in prison.

Paladi’s arrest and sentencing were followed by the arrest of Teofil Bortos, 36, also from Romania. Police arrested Bortos at the London Luton Airport in July 2015.

Bortos pleaded guilty in December 2015 and was sentenced to seven years in prison a month later. Authorities said Bortos was the gang member tasked with identifying insecure ATMs the group could attack.

Arrests in the 2014 ATM robbery incidents continued on September 20, 2016, when Romania police arrested Emanual Leahu, aged 30, from the city of Bacau, in eastern Romania.

Local authorities arrested the suspect based on a European arrest warrant issued by UK police. The man is scheduled for extradition to the UK next week.

Nevertheless, British authorities say the gang has five members, with the other two still at large in Romania. European arrest warrants have been issued in their names as well.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients