A Romanian woman admitted on Thursday her participation in a ransomware distribution scheme that ended up disabling computers used by the Washington D.C. police for surveillance.

The computer intrusion affected systems connected to 126 surveillance cameras, representing two-thirds of the outdoor cameras monitored by the Metropolitan Police Department.

Eveline Cismaru, a suspect in the investigation of the incident, entered a guilty plea for one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer fraud.

The charges carry statutory maximums of 20 years and five years in prison, but the plea agreement calls for full cooperation in the investigation, which reduces the final sentence.

The computers were infected with ransomware variants called “cerber” and “dharma.” Following the compromise, the systems showed a ransom note demanding Bitcoin payment estimated at $60,800 at the time.

Worst time...EVER

The attack happened at one of the worst times possible: the beginning of January 2017, just days before the Presidential Inauguration and smack in the middle of preparations for the event, which is closely monitored by the Secret Service.

As such, the Secret Service’s Washington Field Office got on the case, and their investigation led to two suspects: Eveline Cismaru and Mihai Alexandru Isvanca, both from Romania.

Woman arrested in Romania caught for good in the UK

Isvanca and Cismaru were arrested on December 15, 2017, at the Henri Coanda airport in Bucharest.

Isvanca remained in police custody and is currently pending extradition to the United States, while Cismaru was placed under house arrest until finalization of legal procedures.

Cismaru spent a few weeks under house arrest, then decided to flee Romania. She enjoyed about a couple of months of freedom before police caught her in the United Kingdom and extradited her to the US.

The bigger picture

According to details from the investigation, the two Romanians had planned a larger operation, where the police computers would be used as proxies to distribute the ransomware to other machines.

"At the time investigators disrupted the scheme, the conspirators were in the process of attacking as many as 179,616 other computers using stolen e-mails, e-mail passwords and banking credentials," states a press release from the Secret Service.

Reaching the final stages of the matter was possible with help from law enforcement partners in the United Kingdom, the Netherlands’ National High Tech Crime Unit, the Romanian National Police (Service for Combating Cybercrime), Europol, MPD, and the FBI’s Washington, D.C. and Houston Field Offices. Also, the Office of International Affairs of the Department of Justice’s Criminal Division provided significant assistance.
