Reveton ransomware schemer stripped of six years of freedom, £270,000, and a Rolex

UK prosecutors say 25-year-old computer science student needs to pay up or face more time behind bars.

A member of a Russian-speaking cybercriminal group distributing Reveton ransomware has been jailed and ordered to pay back £270,000 ($355,000).

On Monday, the UK's National Crime Agency (NCA) said Zain Qaiser, a resident of Essex and a computer science student, admitted to being a member of the cybercriminal gang and was jailed in April following a long-term investigation by law enforcement.

Over the course of six years, the 25-year-old was tied to what is believed to be the Russian Lurk group, 50 suspected members and associates of which were arrested back in 2016. The student's role was to pose as legitimate companies to buy advertising space from pornographic and adult websites; these spaces were then used for malvertising.

Visitors would be redirected to fraudulent domains laced with malware, including the Reveton ransomware. This form of malware would attempt to encrypt and lock systems, masquerading as law enforcement or government agencies. Victims would face payment demands of between $300 and $1,000, made through GreenDot MoneyPak vouchers, to decrypt their devices and avoid prosecution for imaginary offenses. 

While the group was active, it is estimated to have claimed victims in over 20 countries and infected millions of PCs with malware including Reveton.

According to UK law enforcement, despite declaring no income, Qaiser enjoyed a luxury lifestyle including stays in premium hotels, gambling, drugs, and soliciting prostitutes.

Qaiser was arrested in 2014 and then released due to a lack of evidence. Charges were eventually filed in 2017, leading to a six-year jail term. Qaiser admitted to blackmail, fraud, money laundering, and computer misuse offenses.

Financial accounts linked to Qaiser were eventually discovered, including a cryptocurrency account stored overseas, which contained over £100,000.

Law enforcement has now demanded that Qaiser pay back £270,000 ($355,000), together with the sale of a £5,000 Rolex, "based on an assessment of his available assets."

However, prosecutors estimate that Qaiser made closer to £700,000 ($920,000) during his criminal career.

Kingston Crown Court has given the student three months to come up with the money, and if he does not, he will have to serve an additional two years behind bars and will still owe the court the same amount. 

"This was an extremely long-running and complex investigation which proves that we will use all the tools at our disposal to ensure cybercriminals are brought to justice and cannot continue to benefit from their illicit earnings," says Nigel Leary, Head of Operations in the NCA's National Cyber Crime Unit.

Qaiser is not the only member of the Russian-speaking group that has been caught. In August, former Microsoft engineer Raymond Odigie Uadiale was jailed by the US Department of Justice (DoJ) for laundering MoneyPak payments and "cashing out" by turning the proceeds into prepaid debit cards. 

Last week, Kaspersky researchers warned that Network Attached Storage (NAS) and backup storage devices are now being targeted by ransomware operators. Devices exposed online through web interfaces with weak or default credentials are being accessed, with ransomware deployed to force users -- in both the business and consumer realms -- to pay up.
