Emil Apreda, 33, was identified as the individual behind a series of threats made to the NHS via email last year following an investigation by the National Crime Agency.
Apreda, who was living in Berlin, sent the initial email containing the threat and ransom demand for £10 million in bitcoin to the NHS on 12 April 2020. He sent it via the TOR network in an attempt to remain anonymous and claimed to be from far-right organisation Combat18.
A high-priority investigation was launched by the NCA, led by specialist cyber crime officers, in order to identify the offender and prevent any attack on the NHS during the height of the Covid-19 pandemic.
This was made more complex by the offender’s use of anonymisation techniques.
Nigel Leary, Deputy Director of the NCA’s National Cyber Crime Unit, said: “As soon as this was reported to us, we took the threat extremely seriously. For it to be carried out would have been absolutely catastrophic.
“At the time, all we knew was that we were dealing with someone who intended deploy a bomb at an unspecified hospital in the UK.
“The NHS were and still are at the forefront of the UK’s response to the Covid 19 pandemic. They were treating patients in their thousands, many of whom were reliant on oxygen.
“Anything that threatened their ability to do that, or reduced the public’s confidence in attending hospitals for treatment was unacceptable.”
As well as working to identify the criminal behind the emails, NCA officers, along with Counter Terrorism specialists and staff responsible for Critical National Infrastructure, worked closely with the NHS who took various measures to increase security at hospitals.
Despite his emails being in English, NCA investigators using niche cyber capabilities, as well as behavioural and linguistic analysis, determined that the offender was likely a native German speaker.
Working jointly with the German authorities, officers identified the emails were being sent from a computer at an address in Steglitz, Berlin. Apreda, one of the occupants, was placed under surveillance by the Landeskriminalamt (LKA).
In the meantime, he continued to send emails – 18 in total – to the NHS and the NCA, in which he also threatened to attack MPs and bomb Black Lives Matter protesters in the UK.
On 15 June specialist firearms officers from the Berlin Police used explosives to force entry to his flat and arrest him. He was charged with attempted extortion and remanded in custody.
The NCA investigation continued until the point at which officers could be satisfied he was acting alone.
Apreda remained in custody throughout the duration of his trial at the District Criminal Court in Berlin, where he was convicted today (26/02/2021) and sentenced to three years in prison.
He will be released on bail until the judge’s decision is ratified.
Nigel Leary added: “Apreda made cynical attempts to bring down our health service when it was at its most vulnerable. The impact of this was huge and it’s only right that he faces jail time.
“Protecting the NHS and the public was an absolute priority throughout this investigation and we used all the tools at our disposal to ensure he was identified and brought to justice.
“Apreda carried out his crimes against the UK hidden behind a computer screen in Germany. Cybercrime knows no borders and so our work with international partners is key to tackling it.
“The support of the German authorities, particularly the LKA and BKA, was vital to the successful outcome of this investigation.”
An NHS spokesperson said: “The threat made during the extortion demand significantly added to the pressures on the NHS during the covid pandemic and meant senior leaders and emergency response staff were called on to direct the NHS aspects of the response to this threat.
“The threat and demand was made at a time that hospitals were at their most vulnerable, and could have resulted in significant loss of life.”