Estonian Ransomware Operator Sentenced to 66 months in Prison
Maksim Berezan, an Estonian man linked to multimillion-dollar ransomware attacks, was sentenced on Friday to 66 months in prison for his involvement in online fraud schemes.
The 37-year-old man was sentenced after pleading guilty in April 2021 to wire fraud and computer intrusions counts following his arrest in Latvia and extradition to the United States.
According to the indictment, between July 2009 and December 2015, Berezan was a member of the exclusive DirectConnection cybercrime forum Russian-speaking cybercriminals could join after being vetted by three other members.
Throughout his DirectConnection activity, he was specialized in carding cashouts and drops. Cashouts describe using stolen payment card data to make fraudulent purchases and withdraw money from the victims’ accounts, while drops are the secure movement of goods and funds obtained from cashouts using untraceable means.
“From 2009 through 2015, Berezan not only furthered the criminal aims of the forum, but he also worked closely with forum members and other cybercriminals for purposes of obtaining and exploiting stolen financial account information,” the Justice Department said today.
Ransomware attacks behind $53 million in losses
Besides online fraud involving the selling of stolen payment cards, Berazan was also involved in multiple ransomware attacks that led to more than $53 million in losses based on evidence found on electronic devices seized after his arrest.
The investigation found that he had participated in at least 13 ransomware attacks, seven against U.S. targets. The victims sent roughly $11 million worth of ransom payments to cryptocurrency wallets under Berezan’s control.
Law enforcement agents also seized over $200,000 from Berezan’s residence and electronic devices storing bitcoin wallet passphrases for cryptocurrency worth approximately $1.7 million.
“Many of the world’s ransomware players began as fraudsters engaged in other types of online crimes, and this case demonstrates that their crimes will catch up to them,” said Assistant Attorney General Kenneth A. Polite Jr.
“The United States is committed to working with its international partners to hold cybercriminals accountable.”