The Amsterdam Cybercrime Police Team has arrested three men for ransomware activity that has generated €2.5 million by extorting small and large organizations in several countries.

The suspects, all young men between the ages of 18 and 21, are accused of stealing sensitive data from victim networks and demanding a ransom. They are believed to have attacked thousands of businesses.

Victims include online shops, software companies, social media companies and institutions connected to critical infrastructure and services.

The hackers demanded between €100,000 and €700,000, depending on the size of the organization hacked. The extortion involved threats of data leakage or destruction of the company’s digital infrastructure.

It is unclear whether the hackers also encrypted files during the attacks or simply stole data and threatened to release it unless the victim pays a ransom.

Dutch police claim that even when the victims paid the ransom, the hackers still sold the stolen data online for extra profit.

“The cybercrime team opened the investigation in March 2021 in response to a report of data theft and a threat against a major Dutch company,” reads the police announcement.

Hackers are estimated to have stolen personal data belonging to tens of millions of people, including names, email addresses, phone numbers, bank account numbers, credit card details, passwords. account password, license plates and passport details.

This information can be used in phishing and social engineering attacks, as well as various fraudulent activities.

The Amsterdam cybercrime unit has noticed a worrying trend among data brokers who are now processing stolen data to refine records and make databases easily searchable. This gives them better sales prospects and maximizes their profits from successful network intrusions.