Maksim Silnikau, aka “J.P.Morgan,” Charged in New Jersey and Virginia Federal Court
A pioneer of the ransomware-as-a-service model appeared in U.S. federal court Tuesday where he faces a slew of charges stemming from a nearly two-decade online criminal career.
Belarusian and Ukrainian dual-national Maksim Silnikau, 38, allegedly led two multiyear cybercrime schemes for which he faces federal criminal indictments in New Jersey and Virginia. His online handles include “J.P.Morgan,” “lansky,” and “xxx.”
Poland extradited Silnikau to the United States on Friday; authorities first arrested him in the southern Spanish seaside town of Estepona in July 2023. Silnikau allegedly was a key player in the Reveton criminal group, “the first ever ransomware-as-a-service business model,” according to the U.K. National Crime Agency, which disclosed the Spanish, British and U.S. operation that led to Silnikau’s capture.
Reveton gave low-skilled cybercriminals access, for a fee, to malware that locked users out of their computers. Reveton displayed messages putatively from law enforcement accusing victims of downloading illegal content and copyrighted applications. The British agency said Reveton scammed approximately $400,000 from victims every month from 2012 to 2014.
Virginia prosecutors concentrated on Silnikau’s time helming the Ransom Cartel operation, charging him with seven counts including aggravated identity theft, wire fraud and conspiracy to commit offenses against the United States.
The indictment quotes a May 4, 2021 ad posted by Silnikau and co-conspirators on a Russian-speaking online forum seeking to buy access to compromised computers in which they said they “will consider working with you on commission (%).” Prosecutors say Silnikau also established and maintained the dark web panel through which Ransom Cartel communicated with affiliates. Such panels are a mainstay of ransomware-as-a-service operations and increasingly the targets of law enforcement takedown operations (see: Ransomware Operation LockBit Relaunches Dark Web Leak Site).
Malware researchers have noted similarities between the Ransom Cartel operation and REvil, the Russian-speaking ransomware group that was unusually dismantled by Russia’s Federal Security Agency, the FSB, in January 2022 (see: Suspected REvil Ransomware Spinoff ‘Ransom Cartel’ Debuts).
Silnikau’s prosecution in New Jersey – where he made his initial U.S. court appearance – centers on a malvertising spree that began in October 2013 and lasted through March 2022. Along with indicted co-conspirators Vladimir Kadariya, 38, from Belarus, and Andrei Tarasov, 33, from Russia, Silnikau allegedly disseminated the Angler Exploit Kit through malicious advertising campaigns dressed up to appear legitimate. “At its peak, Angler represented 40% of all exploit kit infections, having targeted around 100,000 devices and with an estimated annual turnover of around $34 million,” the U.K. National Crime Agency said.
The indicted trio also used the online advertising stack to distribute locker software – malware that locks up devices for extortion rather than encrypting them – and scareware.
Silnikau, Kadariya, and Tarasov face up to 57 years in prison if convicted. Silnikau faces the possibility of another 20 years for charges made in Virginia federal court.
Prosecutors said Silnikau began frequenting Russian-language cybercrime forums starting at least in 2005 and was a member of Direct Connection, an underground forum for elite cybercriminals, from 2011 until its 2016 closure by law enforcement.