A Russian national has been sentenced to two years in a U.S. prison for orchestrating a botnet that facilitated ransomware attacks targeting American businesses, according to the U.S. Department of Justice (DoJ). The individual, identified as Ilya Angelov, aged 40, hails from Tolyatti, Russia, and was also fined $100,000. Operating under the pseudonyms “milan” and “okart,” Angelov co-led a cybercriminal organization known as TA551, active from 2017 to 2021.
Structure and Operations of TA551
The cybercrime group TA551, also recognized by numerous aliases such as ATK236, G0127, and Gold Cabin, constructed an extensive network of compromised computers, commonly referred to as a botnet. This network was established through malware-laden files distributed via spam emails, as detailed by the DoJ. Angelov, alongside his co-leader, capitalized on the botnet by vending access to these compromised systems to other cybercriminals.
The group was adept at developing sophisticated programs designed to disseminate spam emails and deploy malware capable of evading security defenses. Angelov played a pivotal role in recruiting members and managing the group’s operations. A significant tool in their arsenal was a backdoor that allowed the injection of malicious software into targeted systems.
Financial Gains and Damage
The primary objective of these cyberattacks was to sell access to other criminal entities, who then exploited it for ransomware extortion. Between August 2018 and December 2019, TA551 granted the BitPaymer ransomware group access to their botnet, resulting in 72 American corporations being compromised and over $14.17 million paid in ransoms.
Additionally, the operators of the IcedID malware paid Angelov’s group more than a million dollars for botnet access in late 2019 or early 2020, facilitating further ransomware distribution. While the full extent of the damage remains unclear, the FBI believes this collaboration grew stronger after the BitPaymer group was disrupted, and that it persisted until August 2021.
Broader Implications and Future Outlook
In November 2021, Cybereason reported TA551’s collaboration with the TrickBot trojan operators to distribute Conti Ransomware. Concurrently, France’s CERT-FR revealed that the Lockean ransomware gang utilized TA551’s services following the Emotet botnet’s takedown in early 2021.
U.S. Attorney Jerome F. Gorgon Jr. remarked on the continual threat posed by international cybercriminals targeting U.S. entities, stating, “Their techniques grow more advanced, yet their intent remains to exploit and damage.” This sentencing comes shortly after another Russian, Aleksei Olegovich Volkov, received a nearly seven-year sentence for his role in facilitating Yanluowang ransomware attacks.
The increasing sophistication of cybercriminal techniques underscores the urgent need for stronger cybersecurity measures to protect against future threats. The case highlights the persistent global challenge posed by cybercrime and the importance of international cooperation in combating these digital threats.
