
A Belarussian and Ukrainian dual-national was charged in the District of New Jersey and Eastern District of Virginia for leading international computer hacking and wire fraud schemes. He made his initial appearance in Newark, New Jersey, today after being extradited from Poland.
According to court documents unsealed today, Maksim Silnikau, also known as Maksym Silnikov, 38, led two multiyear cybercrime schemes. At various times, Silnikau has used online monikers such as “J.P. Morgan,” “xxx,” and “lansky,” among others.
In the District of New Jersey, Silnikau, along with alleged co-conspirators Volodymyr Kadariya, a Belarussian and Ukrainian national, 38, and Andrei Tarasov, a Russian national, 33, is charged with cybercrime offenses related to a scheme to transmit the Angler Exploit Kit, other malware, and online scams to millions of unsuspecting internet users through online advertisements — known as “malvertising” — and other methods from October 2013 through March 2022. In the Eastern District of Virginia, Silnikau is charged for his role as the creator and administrator of the Ransom Cartel ransomware strain and associated ransomware operations beginning in May 2021.
“Silnikau and his co-conspirators allegedly used malware and various online scams to target millions of unsuspecting internet users in the United States and around the world,” said FBI Deputy Director Paul Abbate. “They hid behind online aliases and engaged in complex, far-reaching cyber fraud schemes to compromise victim devices and steal sensitive personal information. The FBI will continue to work with partners to aggressively impose costs on cybercriminals and hold them accountable for their actions.”
“As alleged in the indictment, Silnikau and his co-conspirators distributed online advertisements to millions of internet users for the purpose of delivering malicious content,” said Principal Deputy Assistant Attorney General Nicole M. Argentieri, head of the Justice Department’s Criminal Division. “These ads appeared legitimate but were actually designed to deliver malware that would compromise users’ devices or to deliver ‘scareware’ designed to trick users into providing their sensitive personal information. Silnikau’s arrest and extradition demonstrate that, working with its domestic and international partners, the Criminal Division is committed to bringing cybercriminals who target U.S. victims to justice, no matter where they are located.”
“These conspirators are alleged to have operated a multiyear scheme to distribute malware onto the computers of millions of unsuspecting internet users around the globe,” said U.S. Attorney Philip R. Sellinger for the District of New Jersey. “To carry out the scheme, they used malicious advertising, or ‘malvertising’, to trick victims into clicking on legitimate-seeming internet ads. Instead, the victims would be redirected to malicious internet sites that delivered malware to their devices, giving the conspirators access to the victims’ personal information. The conspirators then sold that access and information to other cybercriminals on the dark net. Throughout the scheme, the conspirators attempted to hide their identities from law enforcement, including by using fraudulent aliases and online personas.”
District of New Jersey Indictment
According to the indictment unsealed in the District of New Jersey, from October 2013 through March 2022, Silnikau, Kadariya, Tarasov, and others in Ukraine and elsewhere used malvertising and other methods to deliver malware, scareware, and online scams to millions of unsuspecting Internet users in the United States and beyond. These malvertising campaigns appeared legitimate but often redirected users to malicious sites and servers, aiming to defraud them or deliver malware to their devices. This scheme caused countless Internet users to be redirected to harmful content and defrauded various U.S.-based companies involved in legitimate online advertising.
One type of malware that Silnikau and others allegedly played a significant role in spreading was the Angler Exploit Kit, which targeted vulnerabilities in web browsers and associated plug-ins. At times, this kit was a major tool for cybercriminals to deliver malware to compromised devices. The conspirators also allegedly delivered “scareware” ads that showed false messages claiming to have found a virus or other issue on a user’s device. These messages deceived victims into buying or downloading dangerous software, providing remote access, or sharing personal or financial information.
For years, the conspirators tricked advertising companies into running their malvertising campaigns by using numerous online personas and fake entities to pose as legitimate advertisers. They also developed and used advanced technologies and code to refine their malicious ads, malware, and infrastructure to hide their true nature.
As alleged, Silnikau, Kadariya, Tarasov, and their co-conspirators used various strategies to profit from their extensive hacking and fraud scheme. This included using accounts on primarily Russian cybercrime forums to sell access to compromised devices (referred to as “loads” or “bots”) and information stolen from victims, such as banking details and login credentials, to further defraud users or deliver additional malware.
Eastern District of Virginia Indictment
According to the indictment unsealed in the Eastern District of Virginia, Silnikau was the creator and administrator of the Ransom Cartel ransomware strain, created in 2021. Silnikau has allegedly been active in Russian-speaking cybercrime forums since at least 2005 and was a member of the infamous cybercrime website Direct Connection from 2011 to 2016, when the site was shut down after the arrest of its administrator.
Starting in May 2021, Silnikau allegedly developed a ransomware operation and began recruiting participants from cybercrime forums. He is accused of distributing information and tools to Ransom Cartel participants, including details about compromised computers, stolen credentials, and tools designed to encrypt or “lock” compromised systems. Silnikau also allegedly set up and maintained a hidden website where he and his co-conspirators could control ransomware attacks, communicate with each other, engage with victims, including sending and negotiating payment demands, and manage the distribution of funds among co-conspirators.
On Nov. 16, 2021, Silnikau allegedly carried out a ransomware attack on a company based in New York, and on March 5, 2022, Ransom Cartel ransomware was deployed against a company based in California. The hackers stole confidential data without authorization and demanded payment to prevent the release of the victim’s data.
In the District of New Jersey, Silnikau, Kadariya, and Tarasov are charged with conspiracy to commit wire fraud, conspiracy to commit computer fraud, and two counts of substantive wire fraud. If convicted, they face maximum penalties of 27 years in prison for wire fraud conspiracy, 10 years for computer fraud conspiracy, and 20 years for each wire fraud count.
In the Eastern District of Virginia, Silnikau is charged with conspiracy to commit computer fraud and abuse, conspiracy to commit wire fraud, conspiracy to commit access device fraud, and two counts each of wire fraud and aggravated identity theft. He faces a mandatory minimum of two years in prison and a maximum of 20 years in prison.