US extradites Russian individual for allegedly selling malicious software

The U.S. Attorney’s Office of the Middle District of Florida announced on Wednesday the arrest and extradition of a Russian man who allegedly developed and sold a malicious software program that breached protected computers by decrypting login credentials like passwords.

Dariy Pankov, 28, was arrested in the Republic of Georgia in October and was later extradited to the U.S., where he faces multiple charges, including access device fraud and computer fraud. 

According to the indictment, Pankov used the malicious software, known as NLBrute, to obtain the login credentials of more than 35,000 computers worldwide and then sold them through a site on the dark web for a fee.

He allegedly received more than $350,000 in illicit proceeds.

Prosecutors allege the stolen credentials were then used to commit a range of illegal activity, including ransomware attacks and tax fraud. 

If found guilty of all counts, Pankov could face up to 47 years in prison.

Pankov’s arrest comes as the Department of Justice is increasing its efforts to crackdown on global ransomware activity. 

The department announced in January that it had dismantled an international ransomware group, known as Hive, for extorting more than $100 million in payments from organizations based in the U.S. and around the world.

Attorney General Merrick Garland said at the time that the ransomware group targeted critical sectors, including hospitals and schools.