Estonian Cybercriminal Sentenced to Five Years in Prison for Ransomware Attacks and Financial Frauds

A United States court has handed down a five-year prison sentence to Maksim Berezan, an Estonian cybercriminal accused of involvement in 13 ransomware attacks and numerous financial frauds. The sentencing follows a years-long investigation into the activities of the former member of Russia’s DirectConnection forum, who was arrested in Latvia at the end of 2020 and subsequently extradited to the US.

Specialization in Cashouts

Berezan, also known as “Albanec”, specialized in cashouts - a technique used by cybercriminals to steal payment card information and use it to make fraudulent purchases or withdraw cash. An analysis of his computer equipment revealed that he was involved in at least 13 ransomware attacks, including seven targeting US victims, with approximately $11 million in ransom payments flowing into cryptocurrency wallets under his control.

Uncovered Financial Frauds

The investigation also uncovered Berezan’s use of the “unlimited” cashouts technique, which involves hacking into a bank or payment card processor and using cloned payment cards to fraudulently withdraw millions of dollars from cash machines around the world in just a few hours. Charged with conspiracy to commit wire fraud, Berezan pleaded guilty in April 2021 and was sentenced to:

• 66 months in prison by a US court in March 2022
• An order to pay $36 million in restitution to his victims

Key Findings

• Berezan was involved in at least 13 ransomware attacks, including seven targeting US victims.
• Approximately $11 million in ransom payments flowed into cryptocurrency wallets under his control.
• He used the “unlimited” cashouts technique to fraudulently withdraw millions of dollars from cash machines around the world.
• Charged with conspiracy to commit wire fraud and pleaded guilty in April 2021.
• Sentenced to 66 months in prison and ordered to pay $36 million in restitution.