Suspected leader of 'prolific' Reveton ransomware group arrested and deported to US
Maksim Silnikau - aka J.P. Morgan - is accused of being behind the Reveton ransomware as a service and Angler exploit kit
Maksim Silnikau, the suspected leader of a ransomware group who went by the online alias of ‘J.P. Morgan’, has been arrested and extradited to the US.
Silnikau and his group had been under investigation by the National Crime Agency (NCA) since 2015, with parallel investigations also being run by the US Secret Service (USSS) and the FBI.
At the end of July, Spain's Guardia Civil, supported by NCA and US officers, arrested 38-year-old Silnikau, also known as Maksym Silnikov, at an apartment in Estepona, Spain.
Vladimir Kadariya, 38, from Belarus, and Andrei Tarasov, 33, from Russia, are also facing charges in the US for allegedly playing key roles in J.P. Morgan’s group.
"Using our unique capabilities, and working closely with the US Secret Service, FBI and other international partners, we were able to identify, track and locate the individuals behind the online monikers, map the group’s activity and target their technical infrastructure, rendering a significant arm of their criminal operation inoperable," said NCA deputy director Paul Foster, head of the national cyber crime unit.
The group had been operating since at least 2011, with the creation of Reveton, the first ever Ransomware as a Service (RaaS) business model.
Victims received messages purporting to be from law enforcement, with a notification that would lock their screen and system, accusing them of downloading illegal content such as child abuse material and copyrighted content.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Victims paid out around $400,000 every month from 2012 to 2014, according to the NCA.
J.P. Morgan’s network also developed and distributed a number of exploit kits, including the notorious Angler Exploit Kit. They used this to conduct ‘prolific’ malvertising campaigns, which involve cyber criminals purchasing advertising space on legitimate websites and uploading ads which were laced with a malicious exploit kit.
Believed to have hit more than half a billion victims worldwide, Angler at one point represented 40% of all exploit kit infections, having targeted around 100,000 devices, and with an estimated annual turnover of around $34 million.
"As well as causing significant reputational and financial damage, their scams led victims to suffer severe stress and anxiety," said Foster.
"Their impact goes far beyond the attacks they launched themselves. They essentially pioneered both the exploit kit and Ransomware as a Service models, which have made it easier for people to become involved in cyber crime and continue to assist offenders."
This isn't the first arrest of a group member, however. British national Zain Qaiser was convicted of blackmail, breaches of the Computer Misuse Act, and money laundering and sentenced to six years and five months imprisonment in 2019.
"Cyber criminals should know that even if they attempt to hide their criminal conduct behind the anonymity of the internet that eventually, through the dedication of international law enforcement professionals, they will be apprehended and held accountable for their actions," said US Secret Service assistant director of investigations Brian Lambert.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.