Prolific Belarusian Cybercriminal Arrested in Spain

A 38-year-old Belarusian accused of being one of the world’s most prolific Russian-speaking cybercriminals has been arrested and extradited by the UK’s National Crime Agency (NCA) as part of an international law enforcement operation.

Silnikau, who also goes by Maksym Silnikov, was arrested by Spain’s Guardia Civil in an apartment in Estepona, southern Spain, in July 2023.

On August 9, 2024, he was extradited from Poland to the US to face charges relating to cybercrime offenses.

Reveton, the First-Ever Ransomware-as-a-Service

Silnikau is believed to have used the ‘J.P. Morgan’ moniker, as well as other notorious nicknames within the cybercrime community including ‘xxx’ and ‘lansky’.

The man’s criminal activities can be traced back to at least 2011, when he and associates introduced Reveton, the first-ever ransomware-as-a-service (RaaS) business model.

To infect victims with Reveton, Silnikau and his network of cybercriminals sent messages that mimicked law enforcement communications and accused the recipients of downloading illegal content such as child abuse material and copyrighted programmes. These messages included notifications that would lock the victim’s screen and system.

Reveton could detect the use of a webcam and take an image of the user to accompany the notification with a demand for payment. Victims were then coerced into paying fines through fear of imprisonment or to regain access to their devices.

The scam resulted in approximately $400,000 extorted from victims every month from 2012 to 2014.

Silnikau and Associates Face Charges in the US

Silnikau and his associates are also accused of developing and distributing other ransomware strains, including Ransom Cartel, as well as exploit kits, such as Angler, which have extorted tens of millions from victims worldwide.

The NCA has been investigating this cybercriminal network since 2015, collaborating with several other law enforcement agencies, including the Cyber Department of the Security Service of Ukraine and the Singapore Police Force (SPF).

The US Secret Service (USSS) and FBI have also run parallel investigations.

Those investigations led law enforcement agencies to identify the real-world individuals behind the underground monikers and track and locate them across Europe, including Spain and Portugal.

Silnikau faces cybercriminal charges in the US alongside Vladimir Kadariya, 38, from Belarus, and Andrei Tarasov, 33, from Russia.

In a public statement, NCA Deputy Director Paul Foster, Head of the National Cyber Crime Unit, highlighted the complexity of the investigation into Silnikau and his cybercriminal network.

“These are highly sophisticated cyber criminals who, for a number of years, were adept at masking their activity and identities. Their impact goes far beyond the attacks they launched themselves. They essentially pioneered both the exploit kit and ransomware-as-a-service models, which have made it easier for people to become involved in cybercrime and continue to assist offenders.

“However, the NCA is committed to identifying the organized criminals at the top of the chain who direct the crime groups causing the greatest harm to the UK,” he said.

Jailed British Man Linked to Silnikau

Additionally, NCA investigators established that British national Zain Qaiser was working with J.P. Morgan to launch Angler malvertising campaigns and share the profits with him.

Qaiser was convicted of blackmail, Computer Misuse Act and money laundering offenses and sentenced to six years and five months’ imprisonment in the UK in 2019.

The investigators obtained key evidence, including over 50 terabytes of data. This evidence is being reviewed to support the ongoing investigation targeting further actors linked to this criminal network and associated cybercrime groups.
