The US Charges Cybercriminal After Years of Investigation
After a lengthy investigation, the United States has charged Maksim Silnikau, a suspect whom it alleges to be a notorious cybercriminal from Belarus and Ukraine. His alleged criminal activities date back to 2011. Recently extradited from Poland, Silnikau now faces formal indictments in New Jersey and Virginia for crimes involving malvertising and ransomware.
Who is Maksim Silnikau?
Maksim Silnikau is accused of operating under various online aliases, including "J.P.Morgan," "xxx," and "lansky." According to the Department of Justice, these aliases were used in numerous cybercrimes. The UK's National Crime Agency (NCA) had been tracking Silnikau since 2015, and it led the international operation that resulted in his arrest in Spain last year.
The Charges Against Silnikau
The NCA describes Silnikau as an "elite cybercriminal" and one of the most prolific Russian-speaking cybercrime actors. He is believed to be the founder of Reveton, the first-ever ransomware-as-a-service group. Alongside him, his alleged associates Volodymyr Kadariya and Andrei Tarasov are also facing charges in the US but remain at large.
The Malvertising Scheme
Silnikau is accused of participating in a long-running malvertising scheme from 2013 to 2022. This involved purchasing ad space on legitimate websites and then redirecting users to malicious sites that delivered malware to their devices. These deceptive ads often led to scareware, which would trick users into downloading software that, instead of fixing problems, would install real malware to steal data.
One of the most notable aspects of this scheme was the use of the Angler exploit kit, which was a tool used by cybercriminals to infect computers with malware. At its peak, it was responsible for 40% of all exploit kit infections, targeting approximately 100,000 devices and generating around $34 million annually.
Ransomware Operations
The second indictment against Silnikau pertains to his involvement with the Ransom Cartel group, which emerged in 2021. He is believed to have recruited affiliates from Russian cybercrime forums to carry out ransomware attacks. These attacks involved providing genuine login credentials and information about compromised devices to affiliates.
Silnikau was also linked to the Reveton ransomware group. This group pioneered the ransomware-as-a-service model, where victims' screens would be locked with a fake law enforcement notification demanding payment to regain access to their devices. This operation extorted victims for substantial amounts monthly between 2012 and 2014.
Legal Implications
In New Jersey, Silnikau, along with Kadariya and Tarasov, faces charges of conspiracy to commit wire fraud, computer fraud, and substantive wire fraud. If convicted, they could face up to 27 years in prison for wire fraud conspiracy and additional penalties for other charges. In Virginia, Silnikau faces further charges relating to computer fraud, wire fraud, access device fraud, and identity theft, which could result in a minimum of two years to a maximum of 20 years in prison.