A coalition of law enforcement agencies coordinated by the UK’s National Crime Agency (NCA) has arrested and extradited a Belarusian and Ukrainian dual national believed to be linked to Russian-speaking cybercriminal groups.
Maksim Silnikau (aka Maksym Silnikov), 38, went by the online pseudonyms JP Morgan, xxx and lansky. He was extradited to the United States from Poland on August 9, 2024 to face charges related to international computer hacking and fraud schemes.
“JP Morgan and his associates are elite cybercriminals who practice extreme operational and online security to avoid detection by law enforcement,” the NCA said in a statement.
According to the agency, these individuals were responsible for the development and distribution of ransomware strains such as Reveton and Ransom Cartel, as well as exploit kits like Angler. Reveton, introduced in 2011, was described as “the first-ever ransomware-as-a-service business model.”
Reveton victims received messages purporting to come from law enforcement. The messages accused them of downloading child abuse material and copyrighted software, and threatened them with hefty fines to avoid jail time and regain access to their locked devices.
The scam resulted in roughly $400,000 being extorted from victims every month between 2012 and 2014, and Angler’s annual turnover at its peak was around $34 million. The exploit kit is believed to have targeted around 100,000 devices.
Silnikov, along with Uladzimir Kadaria and Andrei Tarasov, is said to have participated in the distribution of Angler and the use of malicious advertising techniques from October 2013 to March 2022 to deliver malicious and fraudulent content designed to trick users into providing sensitive personal information.
The stolen information, such as banking information and login credentials, as well as access to the compromised devices, was then offered for sale on Russian cybercrime forums on the dark web.
“Silnikov and his associates allegedly used malware and various Internet scams to target millions of unsuspecting Internet users in the United States and around the world,” said FBI Deputy Director Paul Abbate. “They hid behind online aliases and engaged in sophisticated, far-reaching cyber fraud schemes to compromise victims’ devices and steal sensitive personal information.”
The criminal scheme not only caused unsuspecting Internet users to be forcibly redirected to malicious content on millions of occasions, but also defrauded and attempted to defraud various US companies involved in the sale and distribution of legitimate online advertising, the US Department of Justice (DoJ) said.
Prominent among the malware distribution methods was the Angler Exploit Kit, which exploited web-based vulnerabilities in web browsers and plug-ins to serve “scareware” ads. These ads displayed warning messages claiming that a computer virus had been found on victims’ devices, and then tricked the victims into downloading remote access Trojans or revealing personal or financial information.
“For years, the conspirators tricked ad companies into running their malicious ad campaigns by using dozens of online personas and shell organizations to pose as legitimate ad campaigns,” the Justice Department said.
“They also developed and used sophisticated technology and computer code to enhance their adware, malware, and computer infrastructure to hide the malicious nature of their ads.”
A separate indictment from the Eastern District of Virginia also accused Silnikov of being the creator and administrator of the Ransom Cartel ransomware strain beginning in May 2021.
“On various occasions, Silnikov allegedly distributed information and tools to members of the Ransom Cartel, including information about compromised computers, such as stolen credentials, and tools, such as those designed to encrypt or ‘lock’ compromised computers,” the Department of Justice said.
“Silnikov also allegedly created and maintained a hidden website where he and his accomplices could track and monitor ransomware attacks; communicate with each other; communicate with victims, including sending and negotiating payment requests; and manage the distribution of funds among the accomplices.”
Silnikov, Kadaria and Tarasov were charged with conspiracy to commit wire fraud, conspiracy to commit computer fraud and two counts of substantial fraud. Silnikov was also charged with conspiracy to commit computer fraud and abuse, conspiracy to commit wire fraud, conspiracy to commit access device fraud, and two counts each of wire fraud and identity theft.
If convicted on all counts, he faces more than 50 years in prison. Prior to his extradition, he was arrested at an apartment in Estepona, Spain, in July 2023 as part of a coordinated operation between Spain, the United Kingdom and the United States.
“Their influence goes far beyond the attacks they themselves have launched,” said NCA deputy director Paul Foster. “They essentially pioneered both the exploit kit and ransomware-as-a-service models that made it easier for people to engage in cybercrime and continue to help offenders.”
“These are highly sophisticated cybercriminals who have skillfully disguised their activities and identities over a number of years.”