Ryan McFarlane

soil, we had a team that was essentially tracking his activity to see if he was making any contacts or did anything that would indicate

He was part of this group.

Stacy and I are in the Miami field office reviewing this almost immediately, because this is the best opportunity we have to actually get some visibility that we can tie directly to an individual who we think is a member of the Bayrop group.

And we're rolling through this phone, through all the data, and we come across the Jabber chats.

And for the first time ever, we actually find communications that were encrypted but are decrypted or unencrypted on the endpoint on his phone talking about

Bayrob Group operations.

They're talking about crypto mining and how much they're making a month crypto mining.

He's talking to the head of the group who's in Romania.

At that time, they were making about $6,000 a month mining their network of infected systems.

Master fraud.

Master fraud, yep.

Incredibly technically gifted cyber actor out there.

We have a direct tie from this individual

It's a Bayrob group operations, and we know we've got the right people.

Stacy, you were in Bucharest, and I was in Brasov, which was where Nicolescu had a home at the end of a street.

And we were there when RNP made entry into the various locations that we had.

So what's it like going in their house and collecting that stuff?

So the way they were operating is they would actually meet up.

and everybody would essentially get a standard build.

So their laptops were all built out the same way, and Nicolescu would configure them to be essentially, you know, they get the cybercrime package, which means multiple levels of encryption.