DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Russian National Sentenced for Providing Crypting Service for Kelihos Botnet

Posted on December 10, 2021 by Dissent

A Russian national was sentenced today in Hartford federal court to 48 months in prison for operating a “crypting” service used to conceal the Kelihos malware from antivirus software, which enabled hackers to systematically infect approximately hundreds of thousands of victim computers around the world with malicious software, including ransomware.

According to court documents, Oleg Koshkin, 41, was convicted by a federal jury on June 15 of one count of conspiracy to commit computer fraud and abuse and one count of computer fraud and abuse.

“The defendant provided a critical service used by cybercriminals to evade one of the first lines of cybersecurity defense, antivirus software,” said Assistant Attorney General Kenneth A. Polite Jr. of the Justice Department’s Criminal Division. “Cybercriminals depend on services like these to infect computers around the world with malware, including ransomware.  The Criminal Division and our law enforcement partners are committed to investigating and prosecuting anyone who criminally operates these services to the fullest extent of the law.”

“Koshkin’s unscrupulous websites provided a vital service to cyber criminals, allowing them to hide their malware from antivirus programs and use it to infect thousands of computers all over the world,” said Acting U.S. Attorney Leonard C Boyle of the District of Connecticut. “We will continue to work closely with our investigative partners to root out and prosecute individuals involved across the ransomware spectrum, wherever they try to hide.”

“Today’s sentencing of Oleg Koshkin serves as another example of the risk and consequences awaiting those who choose to commit cybercrimes against the American public,” said Special Agent in Charge David Sundberg of the FBI’s New Haven Division. “For years, Koshkin and his co-conspirators worked to evade our most basic cyber defenses in order to spread malware on a truly global scale. While our work to bring Koshin to justice comes to a close, the FBI will continue to tirelessly defend our country from the ever-evolving cyber threats posed by criminals, terrorists and hostile nation-states.”

According to court documents and evidence presented at trial, Koshkin operated the websites “crypt4u.com,” “fud.bz,” and others. The websites promised to render malicious software fully undetectable by nearly every major provider of antivirus software. Koshkin and his co-conspirators claimed that their services could be used for malware such as botnets, remote access trojans, keyloggers, credential stealers, and cryptocurrency miners.

Koshkin worked with Peter Levashov, the operator of the Kelihos botnet, to develop a system that would allow Levashov to crypt the Kelihos malware multiple times each day. In September 2018, Levashov pleaded guilty to various fraud, conspiracy, computer crime and identity theft offenses.

Koshkin provided Levashov with a custom, high-volume crypting service that enabled Levashov to distribute Kelihos through multiple criminal affiliates. The Kelihos botnet was used by Levashov to send spam, harvest account credentials, conduct denial of service attacks, and to distribute ransomware and other malicious software. According to evidence presented at Koshkin’s sentencing, Kelihos relied on the crypting services provided by Crypt4U from 2014 until Levashov’s arrest in April 2017; and just in the last four months of that conspiracy, Kelihos infected approximately 200,000 computers around the world.

Koshkin’s co-defendant, Pavel Tsurkan, pleaded guilty on June 16 to one count of causing damage to a protected computer, an offense that carries a maximum term of 10 years in prison. He is awaiting sentencing.

The FBI’s New Haven Field Office investigated the case through its Connecticut Cyber Task Force.

Assistant U.S. Attorney Edward Chang of the District of Connecticut and Senior Counsel Ryan K.J. Dickey of the Criminal Division’s Computer Crime and Intellectual Property Section prosecuted the case, with assistance from the Criminal Division’s Office of International Affairs. The Estonian Police and Border Guard Board also provided significant assistance.

The Department of Justice announced in April the creation of the Ransomware and Digital Extortion Task Force to combat the growing number of ransomware and digital extortion attacks. As part of the Task Force, the Criminal Division, working with the U.S. Attorneys’ Offices, prioritizes the disruption, investigation, and prosecution of ransomware and digital extortion activity by tracking and dismantling the development and deployment of malware, identifying the cybercriminals responsible, and holding those individuals accountable for their crimes. The department, through the Task Force, also strategically targets the ransomware criminal ecosystem as a whole and collaborates with domestic and foreign government agencies as well as private sector partners to combat this significant criminal threat.

Source: U.S. Attorney’s Office, District of Connecticut

Category: MalwareOther

Post navigation

← More news items involving ransomware….
‘The internet’s on fire’ as techs race to fix worst software flaw in years →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.