Cybersecurity Negotiator Sentenced to Prison for BlackCat Ransomware Collusion

Cybersecurity Negotiator Sentenced to Prison for BlackCat Ransomware Collusion
Photo by on Unsplash

Oleg Koshkin, a 40-year-old individual who presented himself as a ransomware negotiation expert, has been handed a significant prison sentence for his involvement in a scheme that facilitated attacks by the notorious BlackCat (ALPHV) ransomware group. Koshkin received a sentence of 4 years and 2 months, equivalent to 50 months, from the U.S. District Court in the District of New Jersey. He had previously entered a guilty plea in July 2023 to charges of conspiracy to commit wire fraud and money laundering.

The elaborate scheme saw Koshkin act as an intermediary, receiving ransom payments from victims of BlackCat attacks. Instead of genuinely assisting victims, he collaborated with the cybercriminals, taking a commission from the received funds before forwarding the remaining balance to the ransomware operators. This illicit operation impacted over 100 victims, some of whom were critical infrastructure entities. Through these actions, Koshkin facilitated at least $4.4 million in ransom payments to the BlackCat group, personally accumulating at least $2.2 million in illicit proceeds from the scheme.

Federal authorities underscored the severity of Koshkin's actions. Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department’s Criminal Division stated, "Oleg Koshkin was a self-described ransomware negotiator who claimed to help victims of ransomware attacks. In reality, he was an accomplice to the BlackCat ransomware group, helping to facilitate millions of dollars in illegal proceeds." Further reinforcing the commitment to combating cybercrime, Assistant Director Bryan Vorndran of the FBI’s Cyber Division commented, "This case demonstrates the FBI’s commitment to dismantling these ransomware groups and holding those who facilitate them accountable." Special Agent in Charge Ricky J. Patel of Homeland Security Investigations Newark added, "Koshkin, like so many others who attempt to hide behind a computer screen, found out today that he is not immune from justice."

Why it matters: This sentencing sends a clear message about the legal repercussions for individuals who, under the guise of legitimate services, actively aid cybercriminal enterprises. It highlights the Department of Justice's ongoing efforts to disrupt the entire ransomware ecosystem, including those who enable the flow of illicit funds. The BlackCat (ALPHV) ransomware group, active since November 2021, has targeted over 1,000 victims globally and extorted more than $300 million in ransom payments, with the DOJ having seized $68 million from the group in December 2023.

In addition to his prison term, Koshkin faces substantial financial penalties. Authorities successfully seized $2.2 million from his assets, and he has been ordered to forfeit this amount and pay $4.4 million in restitution to the victims. His co-defendant, Jonathon K. To, also pleaded guilty in May 2023 and is currently awaiting his own sentencing.



Reporting based on original coverage from BleepingComputer. Original report →
Previous Post Next Post