
Cybercriminal J.P.Morgan brought to justice

A prolific cybercriminal operating under the online monicker J.P.Morgan has been arrested following a co-ordinated international police investigation.


Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

Following charges brought in the US against several individuals, a coordinated day of action took place on 18 July 2023, during which the Guardia Civil, supported by the UK's National Crime Agency and US officers, arrested 38-year-old Maksim Silnikau, also known as Maksym Silnikov, at an apartment in Estepona, Spain.

Investigators established that Silnikau and his associates were responsible for the development and distribution of notorious ransomware strains, including Reveton and most recently Ransom Cartel, as well as exploit kits, including Angler, which have extorted tens of millions from victims worldwide.

Vladimir Kadariya, 38, from Belarus, and Andrei Tarasov, 33, from Russia, are also facing charges in the US for allegedly playing key roles in J.P. Morgan’s crime group.

Silnikau's criminal network can be traced back to at least 2011 when he introduced Reveton, the first ever ransomware-as-a-service business model.

Such services provide a suite of tools that allow low skilled offenders to launch effective ransomware attacks for a fee.

Victims of Reveton received messages purporting to be from law enforcement, with a notification that would lock their screen and system, accusing them of downloading illegal content such as child abuse material and copyrighted programmes.

The scam resulted in approximately $400,000 being extorted from victims every month from 2012 to 2014.

J.P. Morgan’s network also developed and distributed a number of exploit kits, including the notorious Angler Exploit Kit, which they used to conduct ‘malvertising’ campaigns.

These campaigns took a variety of forms, but generally involved the cyber criminals purchasing advertising space on legitimate websites and uploading ads which were laced with a malicious exploit kit.

Once the cyber criminals had infected a victim’s device, they were able to exploit them in a number of ways, often stealing banking credentials and sensitive personal information. A victim would potentially be forced to pay a ransom under threat of their information being published online.

At its peak, Angler represented 40% of all exploit kit infections, having targeted around 100,000 devices and with an estimated annual turnover of around $34 million.

NCA deputy director Paul Foster, head of the National Cyber Crime Unit, says: “As well as causing significant reputational and financial damage, their scams led victims to suffer severe stress and anxiety.

“Their impact goes far beyond the attacks they launched themselves. They essentially pioneered both the exploit kit and ransomware-as-a-service models, which have made it easier for people to become involved in cybercrime and continue to assist offenders.”
