One of the world’s most prolific Russian-speaking cybercriminals has been arrested and extradited to the United States as a result of an international law enforcement effort led by the UK’s National Crime Agency (NCA).
The man, identified as 38-year-old Maksim Silnikau, also known by various aliases including 'J.P. Morgan,' 'xxx,' and 'lansky,' was apprehended on July 18, 2023, in Estepona, Spain, following years of investigation by the NCA, in collaboration with the United States Secret Service (USSS) and the FBI.
Silnikau, originally from Belarus, is believed to be the mastermind behind a vast cybercrime network responsible for the development and distribution of notorious ransomware strains such as Reveton and Ransom Cartel. These operations, which date back to at least 2011, have extorted tens of millions of dollars from victims across the globe.
On August 9, 2024, Silnikau was extradited from Poland to the United States, where he now faces charges related to a series of cybercrime offenses.
Silnikau’s criminal activities reportedly began with the introduction of Reveton, the first-ever ransomware-as-a-service business model. Reveton deceived victims by displaying messages falsely claiming to be from law enforcement, accusing them of illegal activities and locking their devices until a ransom was paid. From 2012 to 2014, the scam extorted approximately $400,000 per month from its victims.
In addition to ransomware, Silnikau’s network was also behind the infamous Angler Exploit Kit, a tool used to conduct sophisticated ‘malvertising’ campaigns. These campaigns involved purchasing advertising space on legitimate websites and embedding malicious software within the ads. This allowed the cybercriminals to exploit vulnerabilities in users’ systems, delivering malware, stealing sensitive information, and demanding ransoms.
At the height of its operation, the Angler Exploit Kit accounted for 40% of all exploit kit infections, targeting around 100,000 devices globally and generating an estimated $34 million annually. The malvertising campaigns are said to have impacted over half a billion victims worldwide.
The investigation also uncovered links between Silnikau’s network and British national Zain Qaiser, who was involved in launching Angler malvertising campaigns. Qaiser was convicted in the UK in 2019 and sentenced to six years and five months in prison.
The NCA worked closely with Ukraine’s Security Service Cyber Department, the Singapore Police Force, and other international partners to dismantle the infrastructure supporting Silnikau’s criminal enterprise. This included searches conducted in Ukraine, where authorities targeted several group members, and in Portugal, where another individual connected to the network was interviewed.
As part of the operation, evidence, including over 50 terabytes of data, has been seized.
According to the US Department of Justice, Silnikau, along with his accomplices Volodymyr Kadariya, a Belarusian and Ukrainian national, 38, and Andrei Tarasov, a Russian national, 33, has been charged in the US with cybercrime offenses related to malvertising and other methods to spread malware, including the Angler Exploit Kit, to millions of computers from 2013 to 2022.
Silnikau is also charged for his role in creating and managing the Ransom Cartel ransomware. The group profited by selling access to compromised devices and stolen information on Russian cybercrime forums. They face multiple charges in Virginia and New Jersey, with potential prison sentences totaling up to 57 years if convicted.