French police detain suspect who laundered €19 million in ransomware payments

In recent years, the public as a whole has become well-accustomed to high-profile ransomware attacks, especially since the global WannaCry ransomware attack in 2017. This trend, like cybercrime in general, has also been spurred on by the recent COVID-19 pandemic.


Developing an effective response capability to ransomware requires taking specific steps for prevention, preparation, detection, verification, containment, eradication, and recovery. With LIFARS Ransomware Response Package, you will have the tools, processes, and team at your disposal to stand ready for even the most devious ransomware attack.


Just as it seems as if ransomware has become an everyday part of life, affecting every level of society, governments and law enforcement all over the world have picked up their efforts to crackdown on ransomware gangs and related threat actors. Many of the recent major crackdowns have been joint operations between law enforcement agencies from different nations, and even private businesses, like Microsoft, have helped facilitate main successful raids and sting operations.

Among just some of the successful busts on ransomware groups this year includes:

  • February: Egregor/Maze ransomware group in Ukraine.
  • March: The arrest of a GandCrab affiliate in South Korea.
  • June: Arrest of money launderers in Ukraine working with the CLOP gang.
  • September: Governments sanctions made against the Russian crypto-exchange Suex for facilitating ransomware payments.
  • October: Arrest of 12 suspects in connection with the LocerGoga ransomware as well as a further two ransomware operators.
  • November: Sanctions made against crypto-exchange Chatex for facilitating ransomware payments as well as the arrest of REvil, GrandCab, and Ryuk affiliates. Authorities also indicted a REvil affiliate based in Russia for a 2019 ransomware attack against municipalities in Texas.
  • December: Arrest of a Canadian for an attack on an Alaska-based healthcare provider and another ransomware affiliate in Romania.

In mid-December, French authorities announced that they too have taken action against a ransomware cybercriminal. Precise details on the case have not been released, but the suspected has been arrested for allegedly laundering more than €19 million (~$21.4 million) in ransomware payments.

It’s unclear at this stage which, if any, ransomware gangs this individual is involved with, who the victims are, and what specific ransomware software was used.

Authorities have also not released the name of the suspect. All we know is that the arrested individual is a male from the Vaucluse department in southeast France.

How to mitigate the damage of a ransomware attack

Unfortunately, multimillion-dollar ransomware attacks like these are now all too commonplace. According to IBM’s cost of a data breach report 2021, the average ransomware data breach today costs a company roughly $4.62m, up 10% from 2020.

In most cases, it’s impossible to create a system so secure it’s 100% safe from ransomware. For many companies, it’s just a matter of when not if, they get hit by a ransomware attack. In that case, you need to have the systems and processes in place to mitigate the damage as far as possible.

According to the same report, companies can take a number of steps to reduce the impact of ransomware attacks:

  • Data breaches in hybrid models cost on average $3.61m, 28.3% less than public cloud breaches and even less than private cloud breaches.
  • AI and automation can reduce the cost of a data breach by up to 80%.
  • Proper compliance with recommended security measures for complex systems can reduce the cost by $2.30m.
  • Deploying and utilizing mature zero-trust models can reduce the cost by a further $1.76m.



Cost of a Data Breach Report 2021