Russian national convicted of providing encryption service to Kelihos botnet | USAO-CT


A Russian national was sentenced today in Hartford Federal Court to 48 months in prison for operating an “encryption” service used to conceal Kelihos malware from antivirus software, which allowed hackers to systematically infect approximately hundreds of thousands of victim computers around the world with malware, including ransomware.

According to court documents, Oleg Koshkin, 41, was convicted by a federal jury on June 15 of one count of conspiracy to commit computer fraud and abuse and one count of computer fraud and abuse.

“The accused provided an essential service used by cybercriminals to evade one of the first lines of defense in cybersecurity, anti-virus software,” said Deputy Attorney General Kenneth A. Polite Jr. of the Criminal Division of the Justice Department. “Cybercriminals depend on services like these to infect computers around the world with malware, including ransomware. The Criminal Division and our law enforcement partners are committed to investigating and prosecuting anyone who exploits these services criminally to the fullest extent of the law.”

“Koshkin’s unscrupulous websites have provided a vital service to cybercriminals, allowing them to hide their malware from antivirus programs and use it to infect thousands of computers all over the world,” said Acting US Attorney Leonard C. Boyle of the Connecticut District. “We will continue to work closely with our investigative partners to find and prosecute individuals involved across the spectrum of ransomware, wherever they try to hide.”

“Today’s conviction of Oleg Koshkin is yet another example of the risk and consequences that await those who choose to commit cybercrimes against the American public,” said Special Agent in Charge David Sundberg of the New Haven Division of the FBI. “For years, Koshkin and his co-conspirators have worked to evade our most basic cyber defenses to spread malware on a truly global scale. As our work to bring Koshkin to justice draws to a close, the FBI will continue to tirelessly defend our country against the ever-evolving cyber threats posed by criminals, terrorists and hostile nation states.”

According to court documents and evidence presented at trial, Koshkin operated the “”, “” and other websites. The websites promised to make malware completely undetectable by almost all of the major antivirus software vendors. Koshkin and his co-conspirators claimed that their services could be used for malware such as botnets, remote access Trojans, keyloggers, credential stealers and cryptocurrency miners.

Koshkin worked with Peter Levashov, the operator of the Kelihos botnet, to develop a system that would allow Levashov to encrypt Kelihos malware multiple times a day. In September 2018, Levashov pleaded guilty to various offenses of fraud, conspiracy, computer crime and identity theft.

Koshkin provided Levashov with a personalized high-volume encryption service that allowed Levashov to distribute Kelihos through several criminal affiliates. Levashov used the Kelihos botnet to send spam, collect account credentials, conduct denial of service attacks, and distribute ransomware and other malware. According to evidence presented during Koshkin’s conviction, Kelihos relied on the encryption services provided by Crypt4U from 2014 until Levashov’s arrest in April 2017; in the last four months of this conspiracy alone, Kelihos infected around 200,000 computers around the world.

Koshkin’s co-accused Pavel Tsurkan pleaded guilty on June 16 to one count of causing damage to a protected computer, an offense punishable by up to 10 years in prison. He awaits the conviction.

The FBI’s field office in New Haven investigated the case through its Connecticut Cyber Security Task Force.

Assistant U.S. Attorney Edward Chang of the Connecticut District and Senior Counsel Ryan KJ Dickey of the Computer Crime and Intellectual Property Section of the Criminal Division prosecuted the case, with assistance from the Office of International Affairs of the Criminal Division. The Estonian Police and Border Guard Council also provided significant assistance.

The Justice Department announced in April the creation of the Ransomware and Digital Extortion Task Force to tackle the growing number of ransomware and digital extortion attacks. As part of the task force, the Criminal Division, in conjunction with the United States Prosecutor’s Offices, is prioritizing the disruption, investigation and prosecution of ransomware and digital extortion activity by tracking and dismantling the development and deployment of malware, identifying responsible cybercriminals, and holding those individuals accountable for their crimes. The department, through the task force, is also strategically targeting the broader ransomware criminal ecosystem and working with domestic and foreign government agencies as well as private sector partners to address this significant criminal threat.

