COURT DOC: Citizen of Estonia Admits Operating “Crypting” Service To Conceal Kelihos Botnet From Anti-Virus Software

Pavel Tsurkan, 33, of Estonia, pleaded guilty today in the District of Connecticut to a federal charge related to his role in operating a ‘crypting’ service used to conceal ‘Kelihos’ malware from antivirus software, enabling hackers to systematically infect victim computers around the world with malicious software, including ransomware.

Tsurkan provided the Crypt4U service to assist individuals who created and maintained networks of infected and compromised computers, known as ‘botnets.’ In particular, Tsurkan provided the Crypt4U service to Peter Yuryevich Levashov, who used the service in connection with the Kelihos botnet. The Kelihos botnet was used to send spam, to conduct denial of service attacks, and to distribute ransomware, among other criminal acts. At the time it was dismantled by the FBI, the Kelihos botnet was known to include at least 50,000 compromised computers around the world, including computers in Connecticut. (Source: U.S. Department of Justice)