
US offers $2.5m bounty for on-the-run malware dev

US State Department puts a $2.5m bounty on the head of Angler exploit kit developer and ransomware crew member Volodymyr Kadariya as part of a major developing case

The United States Department of State has placed a $2.5m (£1.9m) bounty on the head of a Belarusian malware developer indicted earlier this month over his involvement in the development and distribution of the infamous Angler exploit kit (AEK).

Volodymyr Kadariya – also styled Vladimir Kadaria – aged 38, is accused of assisting co-conspirator Maksim Silnikau, also known as “JP Morgan”, in operating a major cyber criminal cartel spanning over 10 years.

“Kadariya is charged with cyber crime offences associated with an alleged scheme to transmit the Angler exploit kit, other malware and online scams to the computers of millions of unsuspecting victim internet users through online advertisements … and other means from October 2013 through March 2022,” the State Department notice reads.

“At times during the scheme, the AEK was a leading vehicle through which cyber criminals delivered malware onto compromised electronic devices.”

Besides AEK, which was used to distribute malware and ransomware through malvertising campaigns, the men also allegedly made tens of millions of dollars from ransomware strains including Reveton and Ransom Cartel. In doing so, they pioneered the now widely used ransomware-as-a-service (RaaS) cyber crime model, leasing their malware to low-skilled criminals.

If caught, Kadariya will face charges of conspiracy to commit wire fraud, conspiracy to commit computer fraud and substantive wire fraud. These crimes carry a maximum penalty of 27 years in jail in the first instance, 10 in the second, and 40 in the third.

It’s comparatively rare for Russian and Belarusian cyber criminals to face justice given both states are under heavy sanctions over Russia’s invasion of Ukraine, and do not cooperate with extradition requests. However, as was the case with Silnikau, who was seized in July in Estepona, a resort town located on Spain’s Costa del Sol, such individuals do sometimes take it upon themselves to travel outside “safe” jurisdictions.

ImmuniWeb CEO Ilia Kolochenko said that should a reward be paid out, its recipient may well be far from innocent themselves.

“Due to the rapidly unfolding geopolitical crisis, which progressively affects more and more countries, former partners in cyber crime and friendly hacking groups increasingly become irreconcilable enemies for ideological reasons,” he said.

“Moreover, competition on the global cyber crime market also intensifies, so even ideologically similar hacking groups may report each other to law enforcement to make some money and to get a bigger market share.”

The US government is encouraging anybody with information to contact the Secret Service via email at [email protected]. Those located outside the US should contact their local embassy or consulate.
