‘Prolific’ malvertising scammer arrested and extradited to US to face charges

Avatar

A Belarusian-Ukrainian national dubbed “one of the world’s most prolific Russian-speaking cybercrime actors” by the British National Crime Agency (NCA) has been arrested in an international operation and extradited to the U.S.

The suspect, 38-year-old Maksim Silnikau, was arrested at his apartment in Spain in July. In August, he was extradited from Poland to the U.S. to face charges related to cybercrime. Silnikau made his initial appearance in a U.S. court on Monday.

According to court documents, he led two multi-year cybercrime schemes and along with co-conspirators in 2011 created the first ever ransomware-as-a-service business model — a product called Reveton which allowed low-skilled criminals to launch ransomware attacks for a fee. 

His alleged co-conspirators, Belarusian-Ukrainian Vladimir Kadariya, 38, and Russian Andrei Tarasov, 33, are also facing charges in the U.S. With the help of Reveton, the criminals were able to extort approximately $400,000 from victims every month from 2012 to 2014.

“For over a decade, the defendant used a host of online disguises and a network of fraudulent ad campaigns to spread ransomware and scam U.S. businesses and consumers,” said U.S. Deputy Attorney General Lisa Monaco in a statement on Monday. At different points, according to court documents, he has been associated with the online monikers “J.P. Morgan,” “xxx,” and “lansky.”

Silnikau was also allegedly behind the Angler exploit kit, which he used to conduct “malvertising” campaigns that involved injecting malicious code into digital advertisements to deliver malicious content. These campaigns defrauded various U.S.-based companies involved in the sale and distribution of legitimate online advertisements, according to the indictment.

At its peak, Angler represented 40% of all exploit kit infections, targeting around 100,000 devices and generating an estimated annual turnover of around $34 million, according to the NCA.

Silnikau is accused of creating and administering the Ransom Cartel ransomware strain as well, which according to the indictment was deployed against a company based in California to steal data before hackers demanded a ransom.

With the help of Singapore police, the NCA said that they were able to locate the infrastructure used to manage and operate the Ransom Cartel ransomware strain and ensure that it was taken offline following the arrests.

Silnikau, Kadariya, and Tarasov allegedly used a variety of strategies to profit from their widespread hacking and wire fraud scheme, including using accounts on predominantly Russian cybercrime forums to sell cybercriminals access to compromised devices, as well as stolen banking information and login credentials.

If convicted, the three could face maximum sentences of 27 years in prison for wire fraud conspiracy, 10 years for computer fraud conspiracy, and 20 years in prison on each wire fraud count.

NCA Deputy Director Paul Foster said that J.P. Morgan and his criminal network’s scams caused significant reputational and financial damage to victims, leading them to suffer “severe stress and anxiety.”

“Their impact goes far beyond the attacks they launched themselves. They essentially pioneered both the exploit kit and ransomware-as-a-service models, which have made it easier for people to become involved in cybercrime and continue to assist offenders,” he added.

NewsCybercrime
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Daryna Antoniuk

is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 

Total
0
Shares
Previous Post

Swiss manufacturer investigating ransomware attack that shut down IT network

Next Post

China-linked hackers could be behind cyberattacks on Russian state agencies, researchers say

Related Posts

CISO Executive Network

August 12, 2024Location: Crown Sydney, Australiawebsite: https://ciso-exec.coriniumintelligence.com/ Have we fortified our defensive capabilities to match the demands of…
Avatar
Read More

NHIs Are the Future of Cybersecurity: Meet NHIDR

The frequency and sophistication of modern cyberattacks are surging, making it increasingly challenging for organizations to protect sensitive data and critical infrastructure. When attackers compromise a non-human identity (NHI), they can swiftly exploit it to move laterally across systems, identifying vulnerabilities and compromising additional NHIs in minutes. While organizations often take
Avatar
Read More