Reveton ransomware distributor faces jail time of six years

• The UK man had reportedly targeted hundreds of millions of computers with Reveton ransomware.
• It is estimated that he received more than $915,000 from the ransom payments.

The National Criminal Agency (NCA) has sentenced Zain Qaiser to six years of imprisonment for his involvement in Reveton ransomware attacks. The 24-year-old computer science student from Barking, London, was part of a Russian crime group that had perpetrated this attack in more than 20 countries.

In order to deploy Reveton ransomware to systems, Qaiser, and co. relied on using exploit kits in advertisements on adult websites. In other words, these ads were injected with bad code to deploy malicious payloads.

Worth noting

• Qaiser used the online alias ‘K!NG’ and bought advertising traffic from adult sites on behalf of the Russian crime group. After this, ads were hosted on the sites which contained code for downloading malicious payloads.
• One of the malicious payloads was the Reveton ransomware. Once this ransomware made way into a system, it would lock the browser and display a fake message of a law enforcement agency or government entity. The victim is asked to pay a fine for an ‘offense’ in order to unlock the entire system.
• Qaiser was also responsible for two DDoS attacks he committed when some ad agencies refused to provide services for buying traffic.
• NCA also reported that the Qaiser and group deployed a malicious tool called Angler Exploit Kit (AEK) to drop Reveton.

What techniques were used to launder money - Qaiser was believed to have used a variety of money laundering schemes to steal money from his victims.

“Ransom demands were made by Qaiser through a complex process of virtual and crypto-currency money laundering. Blackmailed victims would be directed to pay the ransom demand using a prescribed virtual currency, which would then be laundered using a variety of methods and an international network of illegitimate financial service providers,” the NCA stated.

Qaiser was apprehended in 2014 and was charged in 2017. The ransomware’s activity stopped when he was in custody in December 2018. Later on, he admitted to 11 offenses and was jailed in Kingston Crown Court.