The United States has convicted a Russian cyber-criminal of running a malware-masking service that helped hackers systematically infect victim computers around the world with malware, including ransomware.
On Tuesday, a federal jury in Connecticut found 41-year-old native Estonian Oleg Koshkin guilty of operating a crypting business via multiple websites, including “Crypt4U.com,” and “fud.bz.”
On the websites, Koshkin and his co-conspirators claimed that they could render malicious software such as botnets, remote-access trojans, keyloggers, credential stealers and cryptocurrency miners undetectable by nearly every major provider of antivirus software.
According to court documents and evidence introduced at trial, Koshkin worked with Kelihos botnet operator Peter Yuryevich Levashov (aka Sergey Astakhov aka Petr Severa) to create a system that would allow Levashov to crypt the Kelihos malware multiple times per day.
"Koshkin provided Levashov with a custom, high-volume crypting service that enabled Levashov to distribute Kelihos through multiple criminal affiliates," said a Department of Justice spokesperson.
"Levashov used the Kelihos botnet to send spam, harvest account credentials, conduct denial of service attacks, and distribute ransomware and other malicious software."
The Kelihos botnet included at least 50,000 compromised computers around the world when it was dismantled in 2017 by the FBI following Levashov's arrest in Barcelona. After extradition to the United States, Levashov pleaded guilty in 2018 to one count of causing intentional damage to a protected computer, one count of conspiracy, one count of wire fraud, and one count of aggravated identity theft.
Koshkin was arrested in California in September 2019 and has been detained since his arrest. He faces a maximum penalty of 15 years in prison and is scheduled to be sentenced on September 20.
Pavel Tsurkan, Koshkin’s co-defendant, is charged with aiding and abetting Levashov in causing damage to 10 or more protected computers and also with conspiring to cause damage to 10 or more protected computers.
Acting Assistant Attorney General Nicholas McQuaid of the Justice Department's Criminal Division said: “The verdict should serve as a warning to those who provide infrastructure to cyber-criminals: the Criminal Division and our law enforcement partners consider you to be just as culpable as the hackers whose crimes you enable, and we will work tirelessly to bring you to justice.”