Leader of International Malvertising and Ransomware Schemes Extradited from Poland to Face Cybercrime Charges

Justice Department unseals charges against two additional international cybercriminals.

August 14, 2024

“WASHINGTON – A Belarussian and Ukrainian dual-national charged in both the District of New Jersey and Eastern District of Virginia with leading international computer hacking and wire fraud schemes made his initial appearance in Newark, New Jersey, today after being extradited from Poland.”

“As alleged in court documents unsealed today, Maksim Silnikau, also known as Maksym Silnikov, 38, led two multiyear cybercrime schemes. At different points, Silnikau has been associated with the online monikers ‘J.P. Morgan,’ ‘xxx,’ and ‘lansky,’ among others.”

“In the District of New Jersey, Silnikau, along with alleged co-conspirators Volodymyr Kadariya, a Belarussian and Ukrainian national, 38, and Andrei Tarasov, a Russian national, 33, are charged with cybercrime offenses associated with a scheme to transmit the Angler Exploit Kit, other malware, and online scams to the computers of millions of unsuspecting victim internet users through online advertisements — so-called ‘malvertising’ — and other means from October 2013 through March 2022. In the Eastern District of Virginia, Silnikau is charged for his role as the creator and administrator of the Ransom Cartel ransomware strain and associated ransomware operations beginning in May 2021.”

District of New Jersey Indictment

“According to the indictment unsealed in the District of New Jersey, from October 2013 through March 2022, Silnikau, Kadariya, Tarasov, and others in Ukraine and elsewhere used malvertising and other means to deliver malware, scareware, and online scams to millions of unsuspecting Internet users in the United States and elsewhere. The malvertising campaigns were designed to appear legitimate, but often redirected victim Internet users who viewed or accessed the advertisements to malicious sites and servers that sought to defraud the users or delivered malware to the users’ devices. The conspirators’ scheme caused unsuspecting Internet users to be forcibly redirected to malicious content on millions of occasions, and defrauded and attempted to defraud various U.S.-based companies involved in the sale and distribution of legitimate online advertisements.”

“One strain of malware that Silnikau and others allegedly took a leading role in disseminating was the Angler Exploit Kit, which targeted web-based vulnerabilities in Internet browsers and associated plug-ins. At times during the scheme, the Angler Exploit Kit was a leading vehicle through which cybercriminals delivered malware onto compromised electronic devices. The conspirators also allegedly enabled the delivery of ‘scareware’ ads that displayed false messages claiming to have identified a virus or other issue with a victim Internet user’s device. The messages then attempted to deceive the victim into buying or downloading dangerous software, providing remote access to the device, or disclosing personal identifying or financial information.”

“For years, the conspirators tricked advertising companies into delivering their malvertising campaigns by using dozens of online personas and fictitious entities to pose as legitimate advertising companies. They also developed and used sophisticated technologies and computer code to refine their malvertisements, malware, and computer infrastructure so as to conceal the malicious nature of their advertising.”

“As alleged, Silnikau, Kadariya, Tarasov, and conspirators used multiple strategies to profit from their widespread hacking and wire fraud scheme, including by using accounts on predominantly Russian cybercrime forums to sell to cybercriminals access to the compromised devices of victim Internet users (so-called ‘loads’ or ‘bots’), as well as information stolen from victims and recorded in ‘logs,’ such as banking information and login credentials, to enable further efforts to defraud the victim Internet users or deliver additional malware to their devices.”

Eastern District of Virginia Indictment

“According to the indictment unsealed in the Eastern District of Virginia, Silnikau was the creator and administrator of the Ransom Cartel ransomware strain, created in 2021. Silnikau allegedly had been a member of Russian-speaking cybercrime forums since at least 2005 and was a member of the notorious cybercrime website Direct Connection from 2011 to 2016, when the site was shuttered after the arrest of its administrator.”

“Beginning in May 2021, Silnikau allegedly developed a ransomware operation and began recruiting participants from cybercrime forums. On various occasions, Silnikau allegedly distributed information and tools to Ransom Cartel participants, including information about compromised computers, such as stolen credentials, and tools such as those designed to encrypt or ‘lock’ compromised computers. Silnikau also allegedly established and maintained a hidden website where he and his co-conspirators could monitor and control ransomware attacks; communicate with each other; communicate with victims, including sending and negotiating payment demands; and manage distribution of funds between co-conspirators.”

“On Nov. 16, 2021, Silnikau allegedly executed a ransomware attack on a company based in New York, and on March 5, 2022, Ransom Cartel ransomware was deployed against a company based in California. The hackers removed confidential data without authorization and demanded a monetary payment to refrain from releasing the victim’s data.”

“In the District of New Jersey, Silnikau, Kadariya, and Tarasov are charged with conspiracy to commit wire fraud, conspiracy to commit computer fraud, and two counts of substantive wire fraud. If convicted, Silnikau, Kadariya, and Tarasov face maximum penalties of 27 years in prison for wire fraud conspiracy, 10 years in prison for computer fraud conspiracy, and 20 years in prison on each wire fraud count.”

“In the Eastern District of Virginia, Silnikau is charged with conspiracy to commit computer fraud and abuse, conspiracy to commit wire fraud, conspiracy to commit access device fraud, and two counts each of wire fraud and aggravated identity theft. He faces a mandatory minimum of two years in prison and a maximum penalty of 20 years in prison.” (Source: US Department of Justice)
