Ransomware Kingpin Who Called Himself “J P Morgan” Extradited to the United States


An investigation dating back almost ten years has seen the extradition this week to the United States of a man suspected to be the head of one the world’s most prolific Russian-speaking cybercriminal gangs.

The UK’s National Crime Agency (NCA) says it has been investigating a cybercriminal using the online handle “J P Morgan” since 2015, alongside parallel investigations run by the United States FBI and Secret Service.

The first notable appearance of the moniker “J P Morgan” dates back to 2011, when he and associates launched the Reveton ransomware.

Early versions of Reveton posed as a warning from police that victims’ computers had been locked due to unspecified copyright offences, and demanding with the threat of criminal proceedings that a “fine” be paid within 48 hours.

Later versions of Reveton took a more sinister turn, locking computers with claims that they had been used to view images of child abuse online.

Reveton would even detect a victim’s webcam and display an image of the user alongside the demand for payment – frightening them into paying a “fine” through fear of being imprisoned.

The Reveton attacks were becoming more sophisticated over time, becoming the first ever malware to adopt the ransomware-as-a-service (RaaS) business model.

Tens of millions of dollars are thought to have been extorted from users worldwide by the criminals’ malware.

“J P Morgan” and his associates are described by the NCA, as “elite cybercriminals” who have taken extreme measures over many years to protect their identifies and avoid detention by law enforcement agencies.

However, investigators say they have successfully identified, tracked, and located the individuals across Europe who are said to have been responsible for the development and distribution of various strains of ransomware, including Reveton and Ransom Cartel, as well as the notorious Angler exploit kit.

Spanish police, supported by officers from UK and US law enforcement agencies, arrested 38-year-old Maksim Silnikau, also known as Maksym Silnikov, at an apartment in Estepona, southern Spain, in July 2023.

Silnikau, from Belarus, is believed by police to have used the “J P Morgan” moniker within the cybercriminal community, as well as other handles including “xxx” and “lansky”.

On Friday 9 August 2024, Silnikau was extradited from Poland to the United States where he faces charges related to cybercrime, alongside Vladimir Kadariya, 38, from Belarus, and 33-year-old Andrei Tarasov, from Russia.

“These are highly sophisticated cyber criminals who, for a number of years, were adept at masking their activity and identities. Their impact goes far beyond the attacks they launched themselves,” said NCA Deputy Director Paul Foster. “They essentially pioneered both the exploit kit and ransomware-as-a-service models, which have made it easier for people to become involved in cybercrime and continue to assist offenders.”


Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor and do not necessarily reflect those of Tripwire.

Recent Articles

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here