Andromeda botnet operator ‘Ar3s’ let off with just a rap on the knuckles

  • Sergey Yarets, aka Ar3s, was arrested by Belarusian authorities last year for running the Andromeda botnet.
  • The cybercriminal was fined $1,425, but a judge waived the fine for the six months he has already spent in prison.

The cybercriminal who operated the Andromeda botnet has been let off with just a rap on the knuckles. Sergey Yarets, aka Ar3s, was arrested by Belarusian authorities in December 2017 for running the Andromeda botnet.

The Andromeda botnet was shut down thanks to a joint FBI and Europol operation. Organizations such as ESET, Microsoft, Shadowserver Foundation and others collaborated with law enforcement authorities to sinkhole the Andromeda botnet.

Belarusian authorities dropped all charges against Yarets after he handed over all the money he made while operating the Andromeda botnet. The cybercriminal reportedly made around $5,400 from renting out Andromeda to other cybercriminals.

Yarets was initially fined $1,425 and faced a prison sentence of up to 10 years. However, a Belarusian judge waived the fine for the six months Yarets has already spent in prison, Bleeping Computer reported.

No Belarusian victims

The Belarusian judge was lenient on the Andromeda botnet operator because there were no Belarusian victims, according to a Radio Free Europe reporter who was at the court hearing.

"This case is another example of a double standard toward prosecuting cybercriminals in post-Soviet countries, where they treat their own cybercriminals differently, allowing them to avoid fair punishment and then using them in the interests of the state, neutralizing the efforts of the international community to combat cybercrimes," Recorded Future security researcher Alexandr Solad wrote in a blog post.

Ar3s is not Andromeda’s creator

Yarets was reportedly not Andromeda’s creator. Andromeda is believed to have been developed in 2011 by a Russian cybercriminal only known as Waahoo. Yarets claimed that he began selling Andromeda to other cybercriminals at Waahoo’s request.

“It should be noted that Waahoo handed over the exclusive rights of the Andromeda trojan to Yarets in 2012 and announced it on an underground forum,” Solad added. “Waahoo continued to be involved in its development, supervision, and the hiring of programmers until approximately 2015, but at the time of the FBI purchase and arrest, Yarets was the only one who was responsible for the trojan operation. The Belarusian investigators and judges most likely knew this but did not take it into account for unknown reasons.”