Assisted in some cases by money mules who funneled the stolen funds through U.S. bank accounts before shipping the money overseas, the group stole or extorted tens of millions of dollars from victims. Among those affected was a Pennsylvania school district that saw $999,000 wired out of its accounts and an oil company that lost more than $2 million.
The FBI, in partnership with the State Department’s Transnational Organized Crime Rewards Program, also announced a reward of up to $5 million for information leading to the arrest of Yakubets, who is alleged to be the leader of the scheme. The reward is the largest ever offered for a cyber criminal.
“The actions highlighted today, which represent a continuing trend of cyber-criminal activity emanating from Russian actors, were particularly damaging as they targeted U.S. entities across all sectors and walks of life,” said FBI Deputy Director David Bowdich. “The FBI, with the assistance of private industry and our international and U.S. government partners, is sending a strong message that we will work together to investigate and hold all criminals accountable.”
According to the charges, the co-conspirators distributed the malware through email phishing campaigns. In the early years, these messages were sent in massive, widespread campaigns. More recent attacks have been more strategic—specifically targeting businesses and organizations that have valuable computer systems and access to significant financial resources.
Victims were tricked into opening a document or clicking on a graphic or link that appeared to be from a legitimate source. The link or attachment downloaded the malicious code onto the user’s machine, where it could also spread to any networked computers.
According to FBI Supervisory Special Agent Steven Lampo, this campaign deployed malware built to avoid detection by antivirus software. “The full program does too much and is too big to avoid detection,” Lampo said. Instead, the initial infection delivers a much smaller piece of code that injects itself into processes already running on the machine and then loads the full suite of malware onto the machine or network. The malware’s creators constantly produced new variants of this small loader to stay ahead of antivirus tools.
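The staged-loader pattern described above (a document-spawned stager that injects into a running process, after which that process retrieves the full payload) is exactly the kind of chain a hash-based antivirus signature misses when the stager is recompiled. The following is an added example, not code from the FBI or from the case: a small behavioural correlator run over constructed endpoint telemetry. All hosts, process names, hashes, addresses and the event field names are made up for illustration (they loosely mimic EDR process-create, remote-thread and network-connect records, but follow no vendor's schema), and `OFFICE_PARENTS` is an assumed list of lure applications.

```python
"""Hash blocklist vs. behavioural correlation for a staged phishing loader.

Added example with constructed data; nothing here is from the article.
"""

# Assumption: the phishing lure is an Office document, so a non-Office
# executable spawned by one of these parents is treated as a candidate stager.
OFFICE_PARENTS = {"WINWORD.EXE", "EXCEL.EXE", "OUTLOOK.EXE"}

# Constructed telemetry: two infections by two recompiled variants of the same
# small stager (different file names and hashes), plus one benign Word session.
EVENTS = [
    # host A: document spawns stager variant 1, which injects and the host beacons
    {"ts": 1, "host": "A", "type": "process_create", "pid": 4100, "ppid": 2200,
     "image": "WINWORD.EXE", "parent_image": "explorer.exe", "sha256": "aaa1"},
    {"ts": 2, "host": "A", "type": "process_create", "pid": 4180, "ppid": 4100,
     "image": "stage1.exe", "parent_image": "WINWORD.EXE", "sha256": "c0ffee01"},
    {"ts": 3, "host": "A", "type": "remote_thread", "pid": 4180,
     "target_pid": 1020, "target_image": "explorer.exe"},
    {"ts": 4, "host": "A", "type": "network_connect", "pid": 1020,
     "dest": "203.0.113.7:443"},
    # host B: same lure, stager recompiled (new hash, new name), same behaviour
    {"ts": 11, "host": "B", "type": "process_create", "pid": 5100, "ppid": 2300,
     "image": "EXCEL.EXE", "parent_image": "explorer.exe", "sha256": "bbb1"},
    {"ts": 12, "host": "B", "type": "process_create", "pid": 5190, "ppid": 5100,
     "image": "upd.exe", "parent_image": "EXCEL.EXE", "sha256": "c0ffee02"},
    {"ts": 13, "host": "B", "type": "remote_thread", "pid": 5190,
     "target_pid": 1044, "target_image": "svchost.exe"},
    {"ts": 14, "host": "B", "type": "network_connect", "pid": 1044,
     "dest": "203.0.113.7:443"},
    # host C: benign Word session that talks to the network by itself
    {"ts": 21, "host": "C", "type": "process_create", "pid": 6100, "ppid": 2400,
     "image": "WINWORD.EXE", "parent_image": "explorer.exe", "sha256": "aaa1"},
    {"ts": 22, "host": "C", "type": "network_connect", "pid": 6100,
     "dest": "198.51.100.9:443"},
]

# Signature knowledge covers only the first variant (constructed).
HASH_BLOCKLIST = {"c0ffee01"}


def hash_blocklist_hits(events, blocklist=HASH_BLOCKLIST):
    """Signature-style detection: (host, pid) of any process whose file hash is known bad."""
    return {(e["host"], e["pid"]) for e in events
            if e["type"] == "process_create" and e.get("sha256") in blocklist}


def correlate_staged_loader(events, office_parents=OFFICE_PARENTS):
    """Behavioural detection of the chain
    Office app -> child process -> remote thread into another process -> that
    process connects out.  Returns one alert per completed chain; a chain that
    stops before the beacon (or an Office app beaconing on its own) is not alerted.
    """
    events = sorted(events, key=lambda e: e["ts"])
    stagers = {}    # (host, pid) -> image of an Office-spawned child
    injected = {}   # (host, target_pid) -> (host, stager pid) that injected into it
    alerts = []
    for e in events:
        key = (e["host"], e["pid"])
        if e["type"] == "process_create" and e.get("parent_image") in office_parents:
            stagers[key] = e["image"]
        elif e["type"] == "remote_thread" and key in stagers:
            injected[(e["host"], e["target_pid"])] = key
        elif e["type"] == "network_connect" and key in injected:
            stager = injected[key]
            alerts.append({
                "host": e["host"],
                "stager_pid": stager[1],
                "stager_image": stagers[stager],
                "injected_pid": e["pid"],
                "dest": e["dest"],
            })
    return alerts


if __name__ == "__main__":
    print("hash blocklist flags:", sorted(hash_blocklist_hits(EVENTS)))
    for a in correlate_staged_loader(EVENTS):
        print("behavioural alert:", a)
```

The hash blocklist catches only the variant it already knows (host A), while the behavioural rule fires on both infected hosts because the chain of actions is the same regardless of how the stager is recompiled, and it stays quiet on host C where Word itself made the connection. In a real deployment the remote-thread and process-create joins would be done on the EDR's own field names, and the Office-parent list tuned to the lure types actually observed.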