Skip to main content
Press Release

Leader of International Malvertising and Ransomware Schemes Extradited from Poland to Face Cybercrime Charges

For Immediate Release
U.S. Attorney's Office, District of New Jersey
Justice Department Unseals Charges Against Two Additional International Cybercriminals

 NEWARK, N.J. – A Belarussian and Ukrainian national charged in the District of New Jersey and Eastern District of Virginia with leading international computer hacking and wire fraud schemes made his initial appearance in Newark today after being extradited from Poland.

As alleged in court documents unsealed today, Maksim Silnikau, also known as Maksym Silnikov, 38, led two multi-year cybercrime schemes. At different points, Silnikau has been associated with the online monikers “J.P. Morgan,” “xxx,” and “lansky,” among others. Silnikau appeared before U.S. Magistrate Judge Jessica S. Allen in Newark federal court and was detained.

In the District of New Jersey, Silnikau, along with alleged co-conspirators Volodymyr Kadariya, a Belarussian and Ukrainian national, 38, and Andrei Tarasov, a Russian national, 33, are charged with cybercrime offenses associated with a scheme to transmit the Angler Exploit Kit, other malware, and online scams to the computers of millions of unsuspecting victim Internet users through online advertisements – so-called “malvertising” – and other means from October 2013 through March 2022. In the Eastern District of Virginia, Silnikau is charged for his role as the creator and administrator of the Ransom Cartel ransomware strain and associated ransomware operations beginning in May 2021.

“These conspirators are alleged to have operated a multiyear scheme to distribute malware onto the computers of millions of unsuspecting internet users around the globe. To carry out the scheme, they used malicious advertising, or ‘malvertising,’ to trick victims into clicking on legitimate-seeming internet ads. Instead, the victims would be redirected to malicious internet sites that delivered malware to their devices, giving the conspirators access to the victims’ personal information. The conspirators then sold that access and information to other cybercriminals on the dark net. Throughout the scheme, the conspirators attempted to hide their identities from law enforcement, including by using fraudulent aliases and online personas.”

U.S. Attorney Philip R. Sellinger

“Today, the Justice Department takes another step forward in disrupting ransomware actors and malicious cybercriminals who prey on victims in the U.S. and around the world,” said Deputy Attorney General Lisa Monaco. “As alleged, for over a decade, the defendant used a host of online disguises and a network of fraudulent ad campaigns to spread ransomware and scam U.S. businesses and consumers. Now, thanks to the hard work of federal agents and prosecutors, along with Polish law enforcement colleagues, Maksim Silnikau must answer these grave charges in an American courtroom.” 

“As alleged in the indictment, Silnikau and his co-conspirators distributed online advertisements to millions of internet users for the purpose of delivering malicious content,” said Principal Deputy Assistant Attorney General Nicole M. Argentieri, head of the Justice Department’s Criminal Division. “These ads appeared legitimate but were actually designed to deliver malware that would compromise users’ devices or to deliver ‘scareware’ designed to trick users into providing their sensitive personal information. Silnikau’s arrest and extradition demonstrate that, working with its domestic and international partners, the Criminal Division is committed to bringing cyber criminals who target U.S. victims to justice, no matter where they are located.”

“This arrest underscores a long-term investigation by the U.S. Secret Service, in coordination with foreign, domestic and private partners, of cybercrime organizations that allegedly distributed the notorious Angler Exploit Kit, conducted malvertising, and operated the Ransom Cartel ransomware organization,” said Assistant Director of Investigations Brian Lambert of the U.S. Secret Service. “Cybercriminals should know that even if they attempt to hide their criminal conduct behind the anonymity of the internet that eventually, through the dedication of international law enforcement professionals, they will be apprehended and held accountable for their actions.”

“Silnikau and his co-conspirators allegedly used malware and various online scams to target millions of unsuspecting internet users in the United States and around the world,” said FBI Deputy Director Paul Abbate. “They hid behind online aliases and engaged in complex, far-reaching cyber fraud schemes to compromise victim devices and steal sensitive personal information. The FBI will continue to work with partners to aggressively impose costs on cybercriminals and hold them accountable for their actions.”

“The FBI will continue to work alongside our partners both overseas and in the states to identify and dismantle cyber threats, and to pursue those criminals who attempt to target and defraud victims in the United States,” said Special Agent in Charge Stephen Cyrus of the FBI Kansas City Field Office.

District of New Jersey Indictment

According to the indictment unsealed in the District of New Jersey, from October 2013 through March 2022, Silnikau, Kadariya, Tarasov, and others in Ukraine and elsewhere used malvertising and other means to deliver malware, scareware, and online scams to millions of unsuspecting Internet users in the United States and elsewhere. The malvertising campaigns were designed to appear legitimate, but often redirected victim Internet users who viewed or accessed the advertisements to malicious sites and servers that sought to defraud the users or delivered malware to the users’ devices. The conspirators’ scheme caused unsuspecting Internet users to be forcibly redirected to malicious content on millions of occasions, and defrauded and attempted to defraud various U.S.-based companies involved in the sale and distribution of legitimate online advertisements.

One strain of malware that Silnikau and others allegedly took a leading role in disseminating was the Angler Exploit Kit, which targeted web-based vulnerabilities in Internet browsers and associated plug-ins. At times during the scheme, the Angler Exploit Kit was a leading vehicle through which cybercriminals delivered malware onto compromised electronic devices. The conspirators also allegedly enabled the delivery of “scareware” ads that displayed false messages claiming to have identified a virus or other issue with a victim Internet user’s device. The messages then attempted to deceive the victim into buying or downloading dangerous software, providing remote access to the device, or disclosing personal identifying or financial information.

For years, the conspirators tricked advertising companies into delivering their malvertising campaigns by using dozens of online personas and fictitious entities to pose as legitimate advertising companies. They also developed and used sophisticated technologies and computer code to refine their malvertisements, malware, and computer infrastructure so as to conceal the malicious nature of their advertising. 

As alleged, Silnikau, Kadariya, Tarasov, and conspirators used multiple strategies to profit from their widespread hacking and wire fraud scheme, including by using accounts on predominantly Russian cybercrime forums to sell to cybercriminals access to the compromised devices of victim Internet users (so-called “loads” or “bots”), as well as information stolen from victims and recorded in “logs,” such as banking information and login credentials, to enable further efforts to defraud the victim Internet users or deliver additional malware to their devices.

In the District of New Jersey, Silnikau,  Kadariya, and Tarasov are charged with conspiracy to commit wire fraud, conspiracy to commit computer fraud, and two counts of substantive wire fraud. If convicted, Silnikau, Kadariya, and Tarasov face maximum penalties of 27 years in prison for wire fraud conspiracy, 10 years in prison for computer fraud conspiracy, counts, and 20 years in prison on each wire fraud count.

The U.S. Secret Service and FBI Kansas City Field Office are investigating the charges in the District of New Jersey, and the U.S. Secret Service is investigating the charges in the Eastern District of Virginia. The Department also appreciates the extensive cooperation and coordination by the United Kingdom’s National Crime Agency and Crown Prosecution Service over the course of several years, as well as significant support provided by the Security Service of Ukraine Cyber Department and Prosecutor General’s Office; Guardia Civil of Spain, Spanish Ministry of Justice, and the Public Prosecutor’s Office at the Audiencia Nacional; Policia Judiciaria of Portugal; Germany—Bundeskriminalamt (BKA) and Landeskriminalamt (LKA) Berlin; and Polish authorities, in particular assistance provided by Poland’s Central Cybercrime Bureau, Border Guard, Ministry of Justice, and National Prosecutors Office.

Assistant U.S. Attorney Samantha Fasanello, Chief of the Narcotics/OCDETF Unit, for the District of New Jersey, Senior Counsel Aarash A. Haghighat, Cyber Operations International Liaison Louisa K. Becker, and Trial Attorney Christen Gallagher of the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS), are prosecuting Silnikau and his co-defendants in the District of New Jersey. Assistant U.S. Attorneys Andrew M. Trombly of New Jersey and Christopher Oakley of Kansas City, Kansas also provided substantial assistance to the New Jersey case.

The Justice Department’s Office of International Affairs also provided substantial assistance in the extradition of Silnikau and collection of evidence.

An indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

Updated August 12, 2024

Topic
Cybercrime
Press Release Number: 24-306