Ransomware Botnet Operator Sentenced to 24 Months

Summary
– A Russian national, Ilya Angelov, was sentenced to 24 months in prison and fined for managing a botnet used in ransomware attacks against U.S. companies.
– His group, tracked as Mario Kart, built the botnet by spreading malware through spam emails and sold access to the infected computers.
– The operation infected thousands of computers daily by sending up to 700,000 malicious emails per day.
– Over 70 U.S. companies were victimized, leading to more than $14 million in extortion payments from ransomware attacks.
– Angelov voluntarily traveled to the United States to face the charges against him.

A Russian national has received a 24-month prison sentence for his role in operating a ransomware botnet that targeted American businesses. The court also mandated a $100,000 fine and the forfeiture of $1.6 million in illicit proceeds. This case highlights the persistent threat of international cybercrime and the legal consequences for those who facilitate these attacks.
The defendant, 40-year-old Ilya Angelov from Tolyatti, Russia, operated under the online aliases “milan” and “okart.” From 2017 through 2021, he co-managed a cybercriminal organization known to the FBI as Mario Kart. Private cybersecurity firms track this group under various designations, including TA-551, Shathak, and GOLD CABIN. Their primary business model involved constructing a malware distribution network by sending spam emails with infected attachments.
This operation was remarkably prolific, capable of distributing up to 700,000 malicious messages daily. When recipients opened the attachments, their computers became infected and were silently added to the sprawling Mario Kart botnet. At its height, the group successfully compromised approximately 3,000 new systems every day. Angelov’s group then monetized this botnet by selling access to the compromised machines to other criminal enterprises.
Those buyers typically specialized in ransomware extortion schemes. After gaining access, they would deploy ransomware to encrypt victims’ networks, demanding payment, often in cryptocurrency, to restore access. Federal prosecutors stated that this criminal ecosystem led directly to attacks on more than 70 U.S. companies, resulting in over $14 million in extortion payments. Records show one ransomware group alone paid Angelov’s operation more than $1 million for access to the infected computers.
U.S. Attorney Gorgon commented on the case, noting that while the tactics of foreign cybercriminals grow more advanced, their fundamental goal remains simple: to steal from and harm American citizens and corporations. A notable aspect of this prosecution is that Angelov traveled to the United States voluntarily to confront the charges and accept responsibility for his actions within the Mario Kart organization.
(Source: Help Net Security)

