Belarusian-Ukrainian national and one of the world’s most prolific Russian-speaking cybercrime actors has been arrested in an international operation and extradited to the U.S.
The suspect, Maksim Silnikau, was arrested in Spain last in July. He then extradited from Poland to the U.S. to face charges related to cybercrime. Silnikau made his initial appearance in a U.S. court.
The court documents says he led two multi-year cybercrime schemes and, along with co-conspirators in 2011, created the first ever ransomware-as-a-service business model called Reveton, which allowed low-skilled criminals to launch ransomware attacks for a fee.
His alleged co-conspirators, Belarusian-Ukrainian Vladimir Kadariya, 38, and Russian Andrei Tarasov, 33, are also facing charges in the U.S. With the help of Reveton, the criminals were able to extort approximately $400,000 from victims every month from 2012 to 2014.
Silnikau was also allegedly behind the Angler exploit kit, which he used to conduct “malvertising” campaigns that involved injecting malicious code into digital advertisements to deliver malicious content. These campaigns defrauded various U.S.-based companies involved in the sale and distribution of legitimate online advertisements, according to the indictment.
Silnikau is accused of creating and administering the Ransom Cartel ransomware strain as well, which according to the indictment was deployed against a company based in California to steal data before hackers demanded a ransom.
With the help of Singapore police, the NCA said that they were able to locate the infrastructure used to manage and operate the Ransom Cartel ransomware strain and ensure that it was taken offline following the arrests.
Silnikau, Kadariya, and Tarasov allegedly used a variety of strategies to profit from their widespread hacking and wire fraud scheme, including using accounts on predominantly Russian cybercrime forums to sell cybercriminals access to compromised devices, as well as stolen banking information and login credentials.
If convicted, the three could face maximum sentences of 27 years in prison for wire fraud conspiracy, 10 years for computer fraud conspiracy, and 20 years in prison on each wire fraud count.
