Ransomware Attacker Sentenced to 5.5 Years in Prison | #itsecurity | #infosec


An Estonian man who participated in at least 13 ransomware attacks has been sentenced to 5.5 years in prison, the US Department of Justice has announced.

ZDNet reports that Maksim Berezan was arrested in Latvia in November 2020 and extradited to the US. He pleaded guilty to conspiracy to commit wire fraud affecting a financial institution and conspiracy to commit access device fraud and computer intrusions in April 2021.

The DOJ says a “post-extradition investigation determined that Berezan had participated in at least 13 ransomware attacks, seven of which were against US victims, and that approximately $11 million in ransom payments flowed into cryptocurrency wallets that he controlled.”

Berezan seemed perfectly willing to spend that money: The DOJ says he “used his ill-gotten gains to purchase two Porsches, a Ducati motorcycle, and an assortment of jewelry,” and that more than $200,000 worth of an unspecified currency was recovered from his home.

Investigators also found “electronic devices storing passphrases to bitcoin wallets that contained bitcoin worth approximately $1.7 million, which has been forfeited,” the DOJ says. (It’s not clear if that’s what the Bitcoin was worth at time of extradition or time of sentencing.)

The ransomware attacks Berezan participated in caused an estimated $53 million in losses, the department says, and he was ordered to pay $36 million in restitution as part of his sentence. All told, that essentially means the attacks will have cost Berezan $25 million out of pocket.

Not that most of that money will ever be repaid. “This is not meant to be harsh but to give victims a realistic view of restitution,” the DOJ says on its website. “It is quite likely that a victim may not receive any or may receive only partial restitution.”



Original Source link

Leave a Reply

Your email address will not be published.

six + four =