National Criminal Police declare the leader of Asper Biogene data theft group an international fugitive

12.12.2024 | 11:04


In November 2023, approximately 100,000 files containing the personal and health data of about 10,000 people were illegally downloaded from the database of Asper Biogene OÜ. The National Criminal Police identified a group of four individuals suspected of the crime, led by Russian national Vladislav Rybakov. The leader of the group was declared an international fugitive in cooperation with the Office of the Prosecutor General.

Based on evidence gathered in the criminal investigation so far, there is reason to believe that accessing the company’s database and downloading the data was a planned and organised operation. Ago Ambur, Head of the Cybercrime Bureau of the National Criminal Police, explained that the evidence gathered suggested that a group of four individuals had been working systematically and continuously over two months, with Russian citizen Vladislav Rybakov playing a leading role. “The group’s actions were characterized by a specialised division of roles, where, according to suspicions, each member had a specific task in carrying out the data theft – from identifying security vulnerabilities in computer systems to issuing ransom demands for the stolen data,” Ambur described.

Vladislav Rybakov is suspected of being part of a group that unlawfully gained access to a computer system. Following the data breach, the perpetrators issued a ransom demand, leading to suspicions that Rybakov is also involved in large-scale extortion, i.e. coercion to transfer proprietary benefits by threatening to damage property. If convicted, he could face a prison sentence of up to 12 years.

The Office of the Prosecutor General asked the Harju County Court to arrest Rybakov. The court granted the request, issuing an arrest warrant in absentia, and Rybakov was also declared an international fugitive.

According to State Prosecutor Vahur Verte, cybercrime has become increasingly serious and poses a growing threat. “Criminals can disrupt our daily lives, harm businesses, damage national systems, and jeopardise individuals’ personal safety and data privacy. Stopping cyber criminals and bringing them to justice is essential to fostering trust in digital environments. By combating system intrusions, data theft, and other crimes, we ensure a safer digital space for everyone. The request by the Prosecutor’s Office for the in-absentia arrest and international search for Vladislav Rybakov means that if he enters a country that shares similar values to Estonia, that country has the right to detain him and extradite him to Estonia to face justice. This step demonstrates that the National Criminal Police and the Prosecutor’s Office work tirelessly with both domestic and international partners to ensure that offenders are held accountable for their actions, no matter where in the world they commit their crimes,” Verte explained.

As Rybakov is suspected to have played a leading role, the criminal investigation has primarily focused on his activities. “If other group members wish to ease their conscience, they can always write to [email protected]. Hiding is not a viable option,” Ambur affirmed.

The success of the data theft was attributed to the group’s systematic actions and unpatched security vulnerabilities. “According to the evidence gathered, the attack began with identifying security flaws that could provide access to the information system database. Once such a vulnerability was found, the group gained access to user accounts and their encrypted passwords (password hashes). These were decrypted, and the suspects then exploited another vulnerability using an employee’s password to install malware on the system. This malware, controlled remotely via the web, allowed access to all parts of the information system of interest, including files and databases containing personal and health data. Due to the large volume of data that interested the suspects, a specialised tool was developed for downloading the dataset, after which a ransom demand was issued to the company,” Ambur explained, based on evidence gathered during the criminal investigation. So far, there is no evidence that the leaked data has been used for criminal purposes.

The criminal proceedings are being conducted by the Cybercrime Bureau of the National Criminal Police in cooperation with the Crime Bureau of the South Prefecture. The proceedings are led by the Office of the Prosecutor General.
 
