Italian police dismantle Romanian ransomware gang targeting nonprofits, film companies

Italian police have dismantled a Romanian ransomware gang that targeted civil rights groups, design and film production companies, as well as international nonprofits in northern Italy, authorities said this week.

The group, known as “Diskstation,” is accused of encrypting victims’ systems and demanding large cryptocurrency ransoms to restore access to their data, Italy’s Postal and Cybersecurity Police said in a statement.

The operation was launched after several companies in the Lombardy region reported being locked out of their systems. The investigation, carried out in coordination with French and Romanian law enforcement, led to the identification of several Romanian nationals allegedly involved in the attacks.

In June, police raided multiple homes in Bucharest, seizing digital evidence and apprehending several suspects — some of whom were allegedly caught in the act of carrying out cyberattacks.

A Milan judge ordered the pre-trial detention of the suspected group leader, a 44-year-old Romanian man, who faces charges of unauthorized access to computer systems and extortion.

Authorities provided few details about the group but, according to previous reports, Diskstation has been active since at least 2021 and is known for exploiting vulnerabilities in internet-connected Synology Network-Attached Storage (NAS) devices — file servers used in corporate environments.

In a separate case announced earlier this week, Romanian police arrested 13 people suspected of running a large-scale tax fraud scheme targeting the U.K. government. Authorities said the group used phishing attacks to steal personal data and file fake tax claims worth millions of pounds.