Europol has announced eight people have been arrested on suspicious of their involvement with the notorious hacker group Rex Mundi, which means "King of the World" in Latin. The agency announced Friday that a 25-year-old coder was arrested by the Royal Thai Police on May 18 based on a French international arrest warrant.
The suspect is the eighth individual to be arrested as part of a year-long global operation to dismantle the Rex Mundi organization. Active since at least 2012, the group has targeted a string a companies to steal private data and extort ransom fees in exchange for not disclosing the hacks. In some cases, the group demanded higher ransoms to avoid publicly revealing the security flaw exploited to access the company's network. If the firm failed to pay up, the hackers leaked the stolen data online.
Its victims include Webassur, Drake International, AlfaNet, Domino's Pizza, Banque Cantonale de Geneve and AmeriCash Advance among others.
In May 2017, the group targeted a British-based company whose network they breached.
According to Europol, the company received a call from a French-speaking individual a few days later claiming to be a member of Rex Mundi. The person also shared a large number of credentials to prove they had stolen data from the firm and demanded a ransom of €580,000 ($675,000) in Bitcoin for not disclosing the hack. The hacker also demanded €825,000 ($960,000) to reveal how they broke in and how to handle it. For every day that the company failed to pay up, there would be an additional ransom of €210,000 ($245,000).
However, the UK firm declined to pay up and contacted authorities regarding the breach. Information from the Metropolitan Police in the UK, the French National Police and Europol led to the arrest of the eight hackers.
In June 2017, five French nationals were arrested by French authorities. The main suspect admitted his role in the extortion scheme but claimed they did not do any of the hacking. Instead, they hired hackers on the Dark Web to carry out the cyberattacks. In October 2017, two other hackers were arrested by French police in France while the final eighth accomplice - also a French national - was arrested in Thailand last month.
"This case illustrates that cyber-related extortion remains a common tactic among cybercriminals," Europol said in a statement. "As indicated in the report, for such financially motivated extortion attempts, attacks are typically directed at medium-sized or large enterprises, with payment almost exclusively demanded in Bitcoins."