Ukrainian Fedir Hladyr, a FIN7 operator, pleaded guilty in a U.S. district court Wednesday to conspiracy to commit computer hacking and wire fraud.

The 34-year-old Hladyr, who has been in custody since his January 2018 arrest in Dresden, Germany for serving as an administrator of the hacking group under the cover of front company called Combi Security, copped a deal with prosecutors in which, a Cyberscoop report said, he’d see no more than 25 years in prison.

He had originally faced 26 counts for his participation in campaigns that nicked more than $1 billion from 100 banks in 30 countries in a 2014 string of point-of-sale (POS) attacks that targeted U.S. restaurant chains, including Wendy’s, Chipotle and Red Robin. In 2017 researchers discovered a Carbanak, aka FIN7, backdoor malware looking to steal screenshots and passwords.

Dubbed Bateleur, the malware spread via phishing emails purporting to contain information on a previously discussed check and sent form an Outlook.com account.