Russian botnet operator linked to major ransomware attacks sentenced in US

A Russian national has been sentenced to two years in U.S. prison for helping operate a botnet used by ransomware gangs to attack American companies, authorities said Tuesday.

Ilya Angelov, 40, of Tolyatti, Russia, pleaded guilty to managing a botnet that other cybercriminals used to break into corporate systems and deploy ransomware. 

A U.S. district court sentenced Angelov to 24 months in prison and imposed a $100,000 fine. According to court records, he was one of the leaders of a Russia-based cybercrime group known as Mario Kart, also tracked as TA-551, Shathak, Gold Cabin and Monster Libra.

Members of the group distributed malware, launched large-scale spam campaigns and sold access to compromised machines to other cybercriminal operations. Mario Kart spread its malware primarily through phishing emails sent on a massive scale, sometimes reaching as many as 700,000 messages per day.

Victims who opened malicious attachments unknowingly infected their computers, adding them to the botnet. At its peak, the campaign was capable of compromising roughly 3,000 machines per day.

Angelov and a co-manager monetized the botnet by selling access to individual compromised computers, known as bots. This access was sold to other criminal groups that typically carried out ransomware extortion schemes.

One customer distributed the BitPaymer ransomware, which locked victims out of their computer systems and demanded payment, typically in cryptocurrency, to restore access. The FBI identified 72 U.S. computer networks infected with BitPaymer between August 2018 and December 2019, generating more than $14 million in ransom payments, according to court documents.

After disruptions to the BitPaymer operation, another criminal group linked to the IcedID malware paid Angelov’s group about $1 million for access to the botnet in late 2019 or early 2020, authorities said. The relationship later evolved into a partnership that lasted until around August 2021.

Angelov used the online aliases “milan” and “okart” while helping manage the group, which developed malware, operated spam distribution infrastructure and recruited members to expand the operation, prosecutors said.

In a separate case earlier this week, U.S. prosecutors announced a prison sentence for another Russian hacker linked to ransomware operations. Aleksei Volkov, who helped the Yanluowang ransomware gang breach U.S. companies, received an 81-month prison sentence for his role in attacks that caused millions of dollars in damage.


Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 
