RansomedVC-linked hacker arrested in Bulgaria

Teodor Vanev Iliev was arrested in Bulgaria’s capital, Sofia, over the hacking of multiple state institutions. Cybersecurity experts previously linked the hacker with RansomedVC, a cybergang that claimed to have breached Sony.

The Prosecutor’s Office of the Republic of Bulgaria announced the arrest of a 21-year-old operating under the pseudonym “Emil Külev” over the hacking of “dozens of state institutions, commercial banks, insurance companies, and other legal entities.”

Authorities have charged Iliev with crimes committed from 2020 through to 2024, which would mean that the hacker was 17 years old when he committed the first crimes that alerted law enforcement.

The Bulgarian authorities claim the police searched 20 locations all over the country until they pinned down the hacker. Iliev, also known as MAGADANS, made headlines in Bulgaria after he allegedly leaked data from a local insurance company, LEV INS, whose owner was assassinated a month after the leak was posted on BreachForums.

While the announcement of Iliev’s arrest doesn’t mention the hacker’s affiliations with any ransomware gangs, researchers have pointed out similarities between “Emil Külev” and RansomedVC in the past.

Cybersecurity pundits have also said that Iliev operated under several other aliases, including Kmeta, Impotent, and Dastardy.

In late 2023, RansomedVC claimed several large companies as victims, including the Japanese multinational conglomerate Sony Corporation. However, researchers speculated that some of the supposed RansomedVC hacks may have been fake or attempts to resell previously stolen data.

The ransomware gang soon met its end, with its owner attempting, unsuccessfully, to sell the operation. According to the Cybernews ransomware monitoring tool, Ransomlooker, the gang self-reported victimizing 41 organizations over the span of its existence.