UK Man Gets Six-Year Sentence for Global Ransomware SchemeAuthorities Say He Spent Ransom Proceeds on Luxury Goods, Gambling
A 24-year-old man living in England has been sentenced to more than six years in prison for his role in a ransomware scheme that targeted millions of computers across 20 countries, the U.K.'s National Crime Agency announced Tuesday.
See Also: 2020 Global Threat Report
Zain Qaiser, who was part of a Russian-speaking organized crime group, helped target victims, collecting at least £700,000 ($910,000) in payments over several years, the agency says.
Qaiser spent the money on a $6,000 Rolex watch, $88,000 worth of stays at swanky hotel rooms as well as gambling, illegal drugs and other vices, the agency reports. While spending large amounts, he claimed to be unemployed and living with his family in the U.K., authorities note.
Earlier, he pleaded guilty to 11 offenses.
'Sophisticated, Serious Organized Crime'
Because Qaiser speaks English, authorities say he played a pivotal role as part of the Russian-speaking gang behind this extortion scheme by interacting with online advertising agencies to buy web traffic, using various social-engineering techniques to lure victims, interact with legitimate companies and give out instructions for how to pay ransoms, typically in bitcoin or another cryptocurrency.
The gang used the Angler Exploit Kit, which the National Crime Agency believes was developed by one of Qaiser's associates. Once a PC was infected by Angler, which looked for certain vulnerabilities, it would then deliver Reveton ransomware.
The scheme targeted users of pornographic websites, which the gang believed made them more susceptible to paying out the ransom once their PCs were infected, authorities say.
"This was one of the most sophisticated, serious and organized cybercrime groups the National Crime Agency has ever investigated," Nigel Leary, a senior investigating officer with the agency, notes in a statement.
This was an extremely long-running, complex cyber-crime investigation in which we worked with partners in the US, Canada, Europe and @cpsuk The investigation demonstrates that cyber-criminals cannot operate from behind a veil of anonymity... https://t.co/KSojwkGGOp— NationalCrimeAgency (@NCA_UK) April 9, 2019
Qaiser, who used the online name "K!NG," bought large amounts of advertising traffic from porn sites using a series of fake identities and companies to hide his true purpose, authorities say. Once the traffic was secured, the criminal gang hosted and posted ads that contained malware.
Once a victim clicked on an ad that contained Angler, the malware would then download Reveton, which would then lock the victim's browser. An message would pop up claiming to be from a law enforcement agency, including the FBI, claiming that the users had committed a crime and demanding $300 to $1,000 to unlock the PC.
Over the last seven years, the Reveton ransomware has been used in a series of extortion attempts, according to security analysts and published reports.
Angler has a similar history of being used by various groups as part of a number of cybercrimes, according to news reports. Cisco's Talos has tracked the malware since at least 2016, tying the kit to groups based in Russia and watching it disappear for a time after nearly 50 people were arrested by Russian authorities. By one estimate, criminals used the malware to collect some $34 million in one year.
After buying the traffic and luring victims, Qaiser then helped facilitate the payment, including laundering the money through various cryptocurrencies.
As the National Crime Agency describes: "One of Qaiser's international accomplices in the U.S. transferred ransom payments onto pre-loaded credit cards in fraudulent identities, withdrew that cash at locations throughout the U.S., converted it into cryptocurrency and transferred it to Qaiser."
At one point, some of the online ad agencies found out what Qaiser and his associates were doing and demanded they stop. In return, the former computer science student hit the companies with a series of distributed denial-of-service attacks, costing the businesses about $650,000 as a result of lost revenue and recovery expenses, the agency noted.
The National Crime Agency believes that Qaiser and his Russian-speaking associates first began running this scheme in 2012. A long-running investigation into the group involved law enforcement from Europe, the U.K., as well as the FBI and U.S. Secret Service.
Qaiser was eventually charged by National Crime Agency investigators in February 2017 and taken into custody in December 2018. He pleaded guilty to committing 11 offenses, including blackmail, fraud, money laundering and computer misuse, and was jailed at Kingston Crown Court in the U.K. before being sentenced on Tuesday.