Cybercrime , Endpoint Security , Fraud Management & Cybercrime
Suspected NLBrute Malware Developer Pleads Not Guilty
Tool Sold on Underground Market Often Used for Initial Access in Ransomware AttacksA Russian national accused by U.S. federal prosecutors of developing an application for decrypting login credentials pleaded not guilty during a first appearance in Tampa, Florida, federal court.
See Also: The Healthcare CISO’s Guide to Medical IoT Security
The man, Dariy Pankov - also known as "dpxaker" - faces seven criminal counts including conspiracy, access device fraud and computer fraud. On Wednesday in the courthouse for the U.S. District of the Middle District of Florida, Pankov said through a translator that he is fighting the prosecutors' case. If found guilty on all counts, Pankov faces up to 47 years in prison.
Police in the Caucasus country of Georgia arrested Pankov last October after the U.S. had linked him to the malicious software program NLBrute.
NLBrute gets its name from what it does - it undertakes a trial-and-error method of decrypting passwords known as a brute force attack. NLBrute has long been used to gain initial access for ransomware attacks, particularly by deploying it against machines that have Remote Desktop Protocol activated.
The indictment accuses Pankov of earning at least $358,437 by selling NLBrute on an unidentified criminal marketplace from August 2016 through January 2019. He also had a sideline in cracked credentials. In 2018, he sold a U.S. undercover police office a cracked credential including password for $19.25.
Pankov's arrest is the latest in a string of arrests and actions meant to dismantle ransomware gangs, which mainly operate in Russia and other former Soviet countries.
The Kremlin mostly looks the other way at ransomware gangs so long as they don't target individuals located in former Soviet countries. Famous for not extraditing its citizens, Russia has forced the U.S. and cooperative countries to closely track the vacation schedules of ransomware hackers who venture abroad in the expectation of an arrest followed by extradition.
One such recently arrested Russian national was Denis Mihaqlovic Dubnikov, who earlier this month pleaded guilty to conspiracy to commit money laundering for the Ryuk ransomware-as-a-service gang (see: Ryuk-Linked Russian Pleads Guilty in US Court).