Reveton and Ransom Cartel leader arrested and extradited to the United States to face charges
The leader of the Ransom Cartel and Reveton ransomware operations has been arrested and extradited to the United States.
Maksim Silnikau, a Belarusian-Ukrainian citizen who calls himself “JP Morgan”, “lansky” and “xxx”, was arrested in Spain on July 18 as part of an international operation coordinated by the National Crime Agency (NCA) from the United Kingdom. He was then extradited from Poland to the United States to face his charges on August 9.
Silnikau will face two indictments, one in the Eastern District of Virginia for the creation of the Ransom Cartel and another in the District of New Jersey for the malvertising operation.
“Today, the Department of Justice takes another step to disrupt ransomware actors and malicious cybercriminals who prey on victims in the U.S. and around the world,” Deputy Attorney General Lisa Monaco said in a statement from the US Department of Justice.
“As alleged, for more than a decade, the defendant used a series of online disguises and a network of fraudulent advertising campaigns to spread ransomware and defraud American businesses and consumers.
“Now, thanks to the hard work of federal agents and prosecutors, along with his Polish law enforcement colleagues, Maksim Silnikau must answer to these serious charges in a U.S. court.”
Two other individuals, Vladimir Kadariya of Belarus and Andrei Tarasov of Russia, will also face charges related to Silnikau’s cybercrime operations.
According to the NCA, Silnikau’s criminal activity was first detected in 2011, when he launched the first ransomware-as-a-service (RaaS) operation, Reveton.
“Reveton victims received messages purporting to come from the authorities, with a notification that would lock their screen and system, accusing them of downloading illegal content, such as child abuse material and copyrighted programs,” the NCA said.
“Reveton could detect the use of a webcam and take an image of the user to accompany the notification with a demand for payment.
“Victims were then forced to pay large fines for fear of being imprisoned or to regain access to their devices.
“The scam resulted in approximately $400,000 being extorted from victims each month between 2012 and 2014.”
Ransom Cartel, Silnikau’s most recent RaaS operation, launched in December 2021 and, like many modern ransomware operators, is known for its double extortion techniques.
Experts believe there are connections between Ransom Cartel and the infamous REvil ransomware gang, citing technical and operational similarities.
Furthermore, Ransom Cartel appeared just a month before Russia’s Federal Security Service first dismantled the REvil ransomware in January 2022 and just a month after 14 of its alleged members were arrested in Russia.