An Estonian has been sentenced to more than five years in prison for his role in a massive online fraud and ransomware campaign.
Maksim Berezan, 37, was arrested in Latvia and extradited to the United States, where he pleaded guilty in April 2021 to conspiracy to commit wire fraud affecting a financial institution and conspiracy to commit fraud on access devices and computer intrusions.
According to court documents, he was a key figure in the members-only Russian cybercrime forum DirectConnection. Between 2009 and 2015, Berezan was involved in the use of stolen cards to make fraudulent purchases and drain their bank accounts of funds, as well as the effective laundering of those funds.
He is also believed to have been involved in at least 13 ransomware attacks that resulted in losses of $53 million. Seven of those attacks targeted American victims and about $11 million in ransom payments were paid into cryptocurrency wallets he controlled, the Department of Justice (DoJ) claimed.
Berezan reportedly used his profits to buy two Porsches, a Ducati motorcycle and an assortment of jewelry. Officers also seized $200,000 in cash and electronic devices storing passphrases in bitcoin wallets containing approximately $1.7 million in digital currency.
“While we have long been concerned with protecting money, from the early days of coins and paper, to plastic, and the more accessible and common digital currencies of today, we also remain parallel to evolution of criminal behavior in cyberspace,” said Matthew Stohler, Special Agent in Charge of the US Secret Service.
“Ransomware thieves are not safe in any dark corner of the internet where they may think they can hide from our highly trained investigators and law enforcement partners around the world. With our essential partners, we are committed to protecting the public and securing every iteration of our money and every part of our national financial infrastructure.