Cyber security news for all

Belarusian-Ukrainian Hacker Extradited to U.S. on Ransomware and Cybercrime Charges

A collaborative effort by global law enforcement, spearheaded by the U.K. National Crime Agency (NCA), has culminated in the apprehension and extradition of a Belarusian-Ukrainian dual national linked to Russian-speaking cybercriminal syndicates.

Maksim Silnikau, also known as Maksym Silnikov, 38, operated under the aliases J.P. Morgan, xxx, and lansky. On August 9, 2024, he was extradited from Poland to the United States to face charges tied to international computer hacking and wire fraud schemes.

“J.P. Morgan and his network are high-level cybercriminals who employed rigorous operational and online security measures to evade detection by law enforcement,” the NCA stated in a release.

These cybercriminals are believed to be behind the creation and distribution of notorious ransomware variants such as Reveton and Ransom Cartel, as well as exploit kits like Angler. Reveton, launched in 2011, is often cited as the progenitor of the “ransomware-as-a-service” model.

Victims of Reveton received messages masquerading as official notices from law enforcement, accusing them of downloading illegal content and demanding payment of heavy fines to avoid imprisonment and regain access to their locked devices.

The scheme extorted approximately $400,000 per month from victims between 2012 and 2014, and infections from the Angler exploit kit generated an estimated annual revenue of $34 million at its zenith. It’s believed that up to 100,000 devices were compromised by this exploit kit.

Silnikau, along with accomplices Volodymyr Kadariya and Andrei Tarasov, is accused of disseminating Angler and utilizing malvertising tactics from October 2013 through March 2022 to deliver malicious content designed to deceive users into surrendering their sensitive personal information.

The stolen data, including banking details and login credentials, was then sold on Russian cybercrime forums on the dark web.

“Silnikau and his co-conspirators allegedly used malware and online scams to target millions of unsuspecting internet users in the U.S. and around the world,” remarked FBI Deputy Director Paul Abbate. “They operated behind aliases and engaged in complex, far-reaching cyber fraud schemes to compromise victim devices and steal sensitive information.”

The criminal enterprise not only redirected millions of internet users to malicious content but also defrauded and attempted to defraud various U.S.-based companies involved in the legitimate online advertising industry, according to the U.S. Justice Department (DoJ).

A key method for spreading malware was the Angler Exploit Kit, which exploited vulnerabilities in web browsers and plugins to serve “scareware” ads. These ads displayed warning messages falsely claiming to have detected a virus on the victim’s device, deceiving victims into downloading remote access trojans or divulging personal and financial information.

“For years, the conspirators duped advertising companies into delivering their malvertising campaigns by masquerading as legitimate businesses using dozens of online personas and fictitious entities,” the DoJ revealed.

“They also developed sophisticated technologies and computer code to refine their malicious advertisements, malware, and infrastructure, concealing the true nature of their activities.”

In a separate indictment from the Eastern District of Virginia, Silnikau is accused of being the creator and administrator of the Ransom Cartel ransomware strain, beginning in May 2021.

“Silnikau allegedly distributed tools and information to Ransom Cartel members, including details about compromised computers, stolen credentials, and tools for encrypting or locking the compromised devices,” the DoJ stated.

“Silnikau also purportedly managed a hidden website where he and his accomplices could oversee and control ransomware attacks, communicate with victims, negotiate ransom demands, and distribute funds among the conspirators.”

Silnikau, Kadariya, and Tarasov face charges of conspiracy to commit wire fraud, conspiracy to commit computer fraud, and two counts of substantive wire fraud. Additionally, Silnikau is charged with conspiracy to commit computer fraud and abuse, conspiracy to commit access device fraud, and two counts each of wire fraud and aggravated identity theft.

If found guilty on all counts, Silnikau could face over 50 years in prison. Before his extradition, he was arrested in July 2023 at an apartment in Estepona, Spain, as part of a coordinated effort between Spain, the U.K., and the U.S.

“Their influence extends far beyond the attacks they executed themselves,” commented NCA Deputy Director Paul Foster. “They were pioneers of both exploit kits and ransomware-as-a-service models, making cybercrime more accessible and enabling a new generation of offenders.”

“These are exceptionally sophisticated cybercriminals who, for years, excelled at concealing their activities and identities.”