Belarusian-Ukrainian Suspect Arrested and Extradited to the United States on Ransomware and Cybercrime Charges
A coalition of law enforcement agencies coordinated by the U.K. National Crime Agency (NCA) has led to the arrest and extradition of a Belarusian and Ukrainian national suspected of belonging to Russian-speaking cybercrime organizations.
Maksim Silnikau (also known as Maksym Silnikov), aged 38, operated under the aliases J.P. Morgan, xxx, and lansky. He was extradited to the U.S. from Poland on August 9, 2024, to face charges related to global computer intrusion and wire fraud schemes.
“J.P. Morgan and his team are sophisticated cyber felons who practiced maximum operational and online security to evade detection by law enforcement,” the NCA said in a statement announcing his capture.
According to the agency, these individuals were responsible for developing and distributing ransomware strains such as Reveton and Ransom Cartel, as well as exploit kits such as Angler. Reveton, launched in 2011, has been described as introducing the “first-ever ransomware-as-a-service business model.”
Victims of Reveton received messages purporting to come from law enforcement, accusing them of downloading illegal content and demanding substantial fines to avoid imprisonment and unlock their devices.
The scheme extracted around $400,000 a month from victims between 2012 and 2014, while Angler infections accounted for an estimated yearly revenue of approximately $34 million at its peak. Up to 100,000 devices are believed to have been compromised by the exploit kit.
Silnikau, in collaboration with Volodymyr Kadariya and Andrei Tarasov, was involved in the distribution of Angler and used malicious advertising (malvertising) techniques from October 2013 through March 2022 to deliver malicious and deceptive content intended to trick users into revealing their sensitive personal data.
The stolen data, including financial details and login credentials, as well as access to the compromised devices, was subsequently sold on Russian cybercrime forums on the dark web.
“Silnikau and his accomplices purportedly employed malware and multiple online frauds to target numerous unsuspecting web users in the United States and across the globe,” FBI Deputy Director Paul Abbate said. “They operated behind virtual identities and partook in intricate, broad-reaching cyber scam operations to infiltrate victims’ systems and pilfer sensitive personal data.”
The fraudulent operation not only caused unsuspecting internet users to be forcibly redirected to malicious content on numerous occasions but also defrauded various U.S.-based companies engaged in legitimate online ad transactions, according to the U.S. Justice Department (DoJ).
A key tool used to distribute malware was the Angler Exploit Kit, which exploited web-based vulnerabilities in web browsers and add-ons to deploy “scareware” advertisements that claimed to have detected a computer virus on victims’ machines and tricked them into downloading remote access trojans or sharing personal or financial data.
“For years, the conspirators hoodwinked advertising firms into facilitating their malicious ad campaigns by adopting multiple online personas and fictitious entities to masquerade as authentic advertising entities,” the DoJ said.
“They also engineered and utilized sophisticated technologies and software code to hone their malicious advertisements, malware, and computing infrastructure to conceal the malicious intent of their advertising.”
A separate indictment from the Eastern District of Virginia further accuses Silnikau of creating and administering the Ransom Cartel ransomware since May 2021.
“On various occasions, Silnikau purportedly disseminated information and tools to Ransom Cartel participants, including details regarding compromised machines, like stolen login credentials, and tools designed to encrypt or ‘lock’ compromised computers,” the DoJ said.
“Silnikau additionally created and sustained a hidden website where he and his accomplices could oversee and regulate ransomware assaults; correspond with each other; interact with victims, inclusive of transmitting and negotiating ransom demands; and supervise the disbursement of funds among the accomplices.”

Kadariya, Tarasov, and Silnikau have been charged with conspiracy to commit wire fraud, conspiracy to commit computer fraud, and two counts of substantive wire fraud. Silnikau is further charged with conspiracy to commit computer fraud and abuse, conspiracy to commit wire fraud, conspiracy to commit access device fraud, and two counts each of wire fraud and aggravated identity theft.
If found guilty on all charges, he could be sentenced to more than five decades behind bars. Prior to his extradition, he was arrested at a residence in Estepona, Spain in July 2023 as part of a joint operation involving Spain, the U.K., and the U.S.
“Their effects extend well beyond the exploits they initiated themselves,” said NCA Deputy Director Paul Foster. “They essentially spearheaded both the exploit kit and ransomware-as-a-service strategies, which have facilitated the proliferation of cybercrime and continue to aid perpetrators.”
“These are highly adept cyber criminals who, for several years, were proficient at obfuscating their operations and identities.”

