Leader of international malvertising and ransomware schemes extradited from Poland to face cybercrime charges

Press Release

Justice Department unseals charges against two additional international cybercriminals

ALEXANDRIA, Va. - WASHINGTON - A Belarussian and Ukrainian national charged in the District of New Jersey and Eastern District of Virginia with leading international computer hacking and wire fraud schemes made his initial appearance in Newark, New Jersey, today after being extradited from Poland.

As alleged in court documents unsealed today, Maksim Silnikau, also known as Maksym Silnikov, 38, led two multi-year cybercrime schemes. At different points, Silnikau has been associated with the online monikers "J.P. Morgan," "xxx," and "lansky," among others.

In the District of New Jersey, Silnikau, along with alleged co-conspirators Volodymyr Kadariya, a Belarussian and Ukrainian national, 38, and Andrei Tarasov, a Russian national, 33, are charged with cybercrime offenses associated with a scheme to transmit the Angler Exploit Kit, other malware, and online scams to the computers of millions of unsuspecting victim Internet users through online advertisements - so-called "malvertising" - and other means from October 2013 through March 2022. In the Eastern District of Virginia, Silnikau is charged for his role as the creator and administrator of the Ransom Cartel ransomware strain and associated ransomware operations beginning in May 2021.

"Today, the Justice Department takes another step forward in disrupting ransomware actors and malicious cybercriminals who prey on victims in the U.S. and around the world," said Deputy Attorney General Lisa Monaco. "As alleged, for over a decade, the defendant used a host of online disguises and a network of fraudulent ad campaigns to spread ransomware and scam U.S. businesses and consumers. Now, thanks to the hard work of federal agents and prosecutors, along with Polish law enforcement colleagues, Maksim Silnikau must answer these grave charges in an American courtroom."

"This case reemphasizes the importance of both cybersecurity and our crucial law enforcement partnerships worldwide," said U.S. Attorney Jessica D. Aber for the Eastern District of Virginia. "Online threats emerge within the digital ecosystem among those who exploit the very tools that help us connect and collaborate. In turn, we must maximize our investigative collaborations globally to address those threats. This investigation demonstrates the positive results of leveraging international partnerships to combat international crimes."

"As alleged in the indictment, Silnikau and his co-conspirators distributed online advertisements to millions of internet users for the purpose of delivering malicious content," said Principal Deputy Assistant Attorney General Nicole M. Argentieri, head of the Justice Department's Criminal Division. "These ads appeared legitimate but were actually designed to deliver malware that would compromise users' devices or to deliver 'scareware' designed to trick users into providing their sensitive personal information. Silnikau's arrest and extradition demonstrate that, working with its domestic and international partners, the Criminal Division is committed to bringing cyber criminals who target U.S. victims to justice, no matter where they are located."

"These conspirators are alleged to have operated a multiyear scheme to distribute malware onto the computers of millions of unsuspecting internet users around the globe," said U.S. Attorney Philip R. Sellinger for the District of New Jersey. "To carry out the scheme, they used malicious advertising, or 'malvertising', to trick victims into clicking on legitimate-seeming internet ads. Instead, the victims would be redirected to malicious internet sites that delivered malware to their devices, giving the conspirators access to the victims' personal information. The conspirators then sold that access and information to other cybercriminals on the dark net. Throughout the scheme, the conspirators attempted to hide their identities from law enforcement, including by using fraudulent aliases and online personas."

"This arrest underscores a long-term investigation by the U.S. Secret Service, in coordination with foreign, domestic and private partners, of cybercrime organizations that allegedly distributed the notorious Angler Exploit Kit, conducted malvertising, and operated the Ransom Cartel ransomware organization," said Assistant Director of Investigations Brian Lambert of the U.S. Secret Service. "Cybercriminals should know that even if they attempt to hide their criminal conduct behind the anonymity of the internet that eventually, through the dedication of international law enforcement professionals, they will be apprehended and held accountable for their actions."

"Silnikau and his co-conspirators allegedly used malware and various online scams to target millions of unsuspecting internet users in the United States and around the world," said FBI Deputy Director Paul Abbate. "They hid behind online aliases and engaged in complex, far-reaching cyber fraud schemes to compromise victim devices and steal sensitive personal information. The FBI will continue to work with partners to aggressively impose costs on cybercriminals and hold them accountable for their actions."

"The FBI will continue to work alongside our partners both overseas and in the states to identify and dismantle cyber threats, and to pursue those criminals who attempt to target and defraud victims in the United States," said Special Agent in Charge Stephen Cyrus of the FBI Kansas City Field Office.

District of New Jersey Indictment

According to the indictment unsealed in the District of New Jersey, from October 2013 through March 2022, Silnikau, Kadariya, Tarasov, and others in Ukraine and elsewhere used malvertising and other means to deliver malware, scareware, and online scams to millions of unsuspecting Internet users in the United States and elsewhere. The malvertising campaigns were designed to appear legitimate, but often redirected victim Internet users who viewed or accessed the advertisements to malicious sites and servers that sought to defraud the users or delivered malware to the users' devices. The conspirators' scheme caused unsuspecting Internet users to be forcibly redirected to malicious content on millions of occasions, and defrauded and attempted to defraud various U.S.-based companies involved in the sale and distribution of legitimate online advertisements.

One strain of malware that Silnikau and others allegedly took a leading role in disseminating was the Angler Exploit Kit, which targeted web-based vulnerabilities in Internet browsers and associated plug-ins. At times during the scheme, the Angler Exploit Kit was a leading vehicle through which cybercriminals delivered malware onto compromised electronic devices. The conspirators also allegedly enabled the delivery of "scareware" ads that displayed false messages claiming to have identified a virus or other issue with a victim Internet user's device. The messages then attempted to deceive the victim into buying or downloading dangerous software, providing remote access to the device, or disclosing personal identifying or financial information.

For years, the conspirators tricked advertising companies into delivering their malvertising campaigns by using dozens of online personas and fictitious entities to pose as legitimate advertising companies. They also developed and used sophisticated technologies and computer code to refine their malvertisements, malware, and computer infrastructure so as to conceal the malicious nature of their advertising.

As alleged, Silnikau, Kadariya, Tarasov, and conspirators used multiple strategies to profit from their widespread hacking and wire fraud scheme, including by using accounts on predominantly Russian cybercrime forums to sell to cybercriminals access to the compromised devices of victim Internet users (so-called "loads" or "bots"), as well as information stolen from victims and recorded in "logs," such as banking information and login credentials, to enable further efforts to defraud the victim Internet users or deliver additional malware to their devices.

Eastern District of Virginia Indictment

According to the indictment unsealed in the Eastern District of Virginia, Silnikau was the creator and administrator of the Ransom Cartel ransomware strain, created in 2021. Silnikau allegedly had been a member of Russian-speaking cybercrime forums since at least 2005 and was a member of the notorious cybercrime website Direct Connection from 2011 to 2016, when the site was shuttered after the arrest of its administrator.

Beginning in May 2021, Silnikau allegedly developed a ransomware operation and began recruiting participants from cybercrime forums. On various occasions, Silnikau allegedly distributed information and tools to Ransom Cartel participants, including information about compromised computers, such as stolen credentials, and tools such as those designed to encrypt or "lock" compromised computers. Silnikau also allegedly established and maintained a hidden website where he and his co-conspirators could monitor and control ransomware attacks; communicate with each other; communicate with victims, including sending and negotiating payment demands; and manage distribution of funds between co-conspirators.

On Nov. 16, 2021, Silnikau allegedly executed a ransomware attack on a company based in New York, and on March 5, 2022, Ransom Cartel ransomware was deployed against a company based in California. The hackers removed confidential data without authorization and demanded a monetary payment to refrain from releasing the victim's data.

* * *

In the District of New Jersey, Silnikau, Kadariya, and Tarasov are charged with conspiracy to commit wire fraud, conspiracy to commit computer fraud, and two counts of substantive wire fraud. If convicted, Silnikau, Kadariya, and Tarasov face maximum penalties of 27 years in prison for wire fraud conspiracy, 10 years in prison for computer fraud conspiracy, counts, and 20 years in prison on each wire fraud count.

In the Eastern District of Virginia, Silnikau is charged with conspiracy to commit computer fraud and abuse, conspiracy to commit wire fraud, conspiracy to commit access device fraud, and two counts each of wire fraud and aggravated identity theft. He faces a mandatory minimum of two years in prison and a maximum penalty of 20 years in prison.

The U.S. Secret Service and FBI Kansas City Field Office are investigating the charges in the District of New Jersey, and the U.S. Secret Service is investigating the charges in the Eastern District of Virginia. The Department also appreciates the extensive cooperation and coordination by the United Kingdom's National Crime Agency and Crown Prosecution Service over the course of several years, as well as significant support provided by the Security Service of Ukraine Cyber Department and Prosecutor General's Office; Guardia Civil of Spain, Spanish Ministry of Justice, and the Public Prosecutor's Office at the Audiencia Nacional; Policia Judiciaria of Portugal; Germany-Bundeskriminalamt (BKA) and Landeskriminalamt (LKA) Berlin; and Polish authorities, in particular assistance provided by Poland's Central Cybercrime Bureau, Border Guard, Ministry of Justice, and National Prosecutors Office.

Assistant U.S. Attorneys Jonathan Keim and Zoe Bedell are prosecuting the case in the Eastern District of Virginia. Assistant U.S. Attorney Samantha Fasanello, Chief of the Narcotics/OCDETF Unit, for the District of New Jersey and Senior Counsel Aarash A. Haghighat, Cyber Operations International Liaison Louisa K. Becker, and Trial Attorney Christen Gallagher of the Criminal Division's Computer Crime and Intellectual Property Section (CCIPS) are prosecuting Silnikau and his co-defendants in the District of New Jersey. Assistant U.S. Attorneys Andrew M. Trombly, Chief of the General Crimes Unit, for New Jersey, and Christopher Oakley for the District of Kansas also provided substantial assistance to the New Jersey case.

The Justice Department's Office of International Affairs also provided substantial assistance in the extradition of Silnikau and the collection of evidence.

A copy of this press release is located on the website of the U.S. Attorney's Office for the Eastern District of Virginia. Related court documents and information are located on the website of the District Court for the Eastern District of Virginia or on PACER by searching for Case No. 1:23-cr-108.

An indictment is merely an accusation. The defendant is presumed innocent until proven guilty.

Contact

Updated August 12, 2024