A jailed hacker responsible for distributing highly effective Bitcoin-demanding ransomware campaigns has been ordered to pay $355,671 (£270,000) to avoid seeing his prison sentence extended.
25-year-old computer science student Zain Qaiser was sentenced to more than six years in April after admitting he was part of a Russian-speaking cybercrime group that made huge profits from victims in over 20 countries.
Prior to his arrest, Qaiser spent his gains on luxury hotels, prostitutes, gambling, and drugs. He also purchased a $6,586 (£5,000) Rolex watch, which he’s been ordered to sell to make the repayment.
Qaiser was told to hand over $356,811.12 (£270,864.47) based on an assessment of his available assets at a confiscation hearing at Kingston Crown Court last week.
If he doesn’t pay within three months, the hacker will see his sentence extended by an additional two years. He will also still be liable for the money.
“Zain Qaiser was an integral part of a highly sophisticated cybercrime group,” said Nigel Leary, head of operations in the National Crime Agency‘s (NCA) National Cyber Crime Unit.
“He assisted the group in generating millions of pounds in ransom payments by blackmailing countless victims, from which he himself profited hugely. Confiscation orders are a key tool in allowing us to pursue illegally-obtained assets and preventing convicted criminals from funding luxury lifestyles on their release,” he noted.
For six years, Qaiser used fraudulent identities and fake companies to pose as legitimate online ad agencies to purchase advertising traffic from adult entertainment sites.
The criminals would then use the ad space to host advertisements containing malware.
When users clicked on the ad, they were redirected to another site and potentially infected with a malicious payload — including the infamous Angler Exploit Kit — created by one of Qaiser’s Russian-speaking counterparts.
Reveton — a type of malware that would lock a user‘s browser — was one of the payloads created by the group. Once compromised, the device would display a message purporting to be from law enforcement or a government agency, claiming a crime had been committed and asking the victim to pay between $300 and $1,000 in Bitcoin in exchange for unlocking the files.
This campaign was particularly damaging, infecting millions of computers across the globe.
Qaiser was first arrested in July 2014 and was charged in February 2017.
Investigators at the NCA were then able to identify several financial accounts linked to him, including an overseas cryptocurrency account.
In total, the accounts contained $131,730 (£100,000) despite Qaiser not having no job and declaring no earnings.
The following year he admitted 11 offenses, including blackmail, fraud, money laundering, and computer misuse.