
COURT DOC: USA v. Mark Sokolovsky, aka “Photix”, aka “raccoonstealer”, aka “black21jack77777”

October 26, 2022

On Tuesday, a federal grand jury indictment charging Ukrainian national Mark Sokolovsky was unsealed. The documents allege that Sokolovsky, 26, is connected to Raccoon Infostealer, a cybercrime operation that infected millions of computers globally with malware.

Sokolovsky is charged with one count of conspiracy to commit computer fraud and related activity in connection with computers; one count of conspiracy to commit wire fraud; one count of conspiracy to commit money laundering; and one count of aggravated identity theft. He is currently being held in the Netherlands in accordance with an extradition request by the United States.

Court documents claim that Sokolovsky was involved with the operation of the malware-as-a-service (“MaaS”) Raccoon Infostealer, which stole private data, including login and account credentials, financial records, and other personal information, from victims. The malware was leased to threat actors for approximately $200 per month, to be paid in cryptocurrency. Its installation was preceded by other attack methodologies, including email phishing, used to get the program onto victims’ devices. Stolen data was then used to commit further financial crimes or was found for sale on illicit marketplaces.

The FBI estimates that over 50 million unique pieces of private data, belonging to millions of victims worldwide, were stolen using this malware. Following Sokolovsky’s arrest by Dutch authorities in March 2022, the FBI was assisted by law enforcement in Italy and the Netherlands in taking the existing version of Raccoon Infostealer offline. The United States does not believe it is in possession of all stolen data, so these figures may grow as the investigation continues.

To find out if you have been a victim of Raccoon Infostealer, you can visit raccoon.ic3.gov, a website created by the FBI to help potentially affected individuals identify whether their email address is associated with any of the data currently possessed by the United States. The FBI encourages victims to fill out a detailed complaint at its Internet Crime Complaint Center (IC3) and to share any harm experienced as a result of their information being stolen.

The full announcement from the DOJ can be found here.
