Following extradition from Poland, a Latvian man appeared in a Minneapolis court on Monday accused of a “scareware” hacking scheme that made use of the Minneapolis Star Tribune's website and led to millions of dollars in damages, acccording to a statement from the Department of Justice.
Peteris Sahurovs, aka “Piotrek” and “Sagade,” was indicted on wire fraud, computer fraud and conspiracy charges in 2011 in Minnesota. He was arrested in Latvia in 2011, but fled following his release. He was arrested in Poland in 2016 and the U.S. began extradition proceedings. He was the FBI's fifth most wanted cybercriminal with a $50,000 reward offered for his arrest and conviction.
Sahurovs is accused of unleashing malware that caused pop-ups to appear on targeted computers purporting to be a security software product, which the recipient must purchase in order to regain control of their computers. The victims were subsequently deluged with continuous pop-up ads notifying them to present their credit card details to engage the phony anti-virus software.
Sahurovs and his partners in the alleged scheme, went so far as to place phony ads to disseminate their malware by creating a bogus ad agency that purportedly represented an American hotel chain seeking to buy online ad space on startribune.com, the news website of the Minneapolis Star Tribune, according to the indictment. Once their ads ran on the site, the bad actors are said to have altered the computer code in the ad leading to visitors to the news site being infected with malware.
At that point users' computers would freeze up before unleashing a series of pop-up alerts that duped victims into buying Sahurovs's alleged "anti-virus" software that promised to restore operations of the computer. However, even if a victim purchased the tool, the malware still lingered in their machines. For those who refused to fall for the ploy, data became inaccessible.
The conspiracy reportedly earned Sahurovs and his partners more than $2 million.
This case is being investigated by the FBI's Minneapolis Field Office.