A Latvian national who at one point was the fifth most wanted cybercriminal in the U.S. pleaded guilty this week in federal court to supporting a scareware scheme targeting users of the Minneapolis Star Tribune's website.

Peteris Sahurovs, aka Piotrek or Sagade, admitted that from roughly February 2010 to September 2010, he registered domain names, offered bulletproof web hosting services, and provided tech support to a cybercriminal operation that used a fake Best Western hotels malvertisement to infect startribune.com visitors with malware that caused slow system performance, generated unwanted pop-up ads and caused system failure.

Victims would receive a fake Windows Security Alert advising them that their machines were infected and instructing them to purchase an antivirus program for $49.95. Sahurovs said he generated somewhere between $150,000 and $250,000 from these ill-gotten payments.

Before District Judge Ann Montgomery of the District of Minnesota, Sahurovs officially pleaded guilty to one count of conspiracy to commit wire fraud. According to a Department of Justice press release, Sahurovs was originally arrested in Latvia in June 2011, but later fled after being released. In November 2016, he was arrested again in Poland and extradited to the U.S. in June 2017. He will be sentenced on June 6, 2018.

“This particular scheme was dangerous on several levels, especially the use of a website belonging to a media institution,” said Richard Thornton, special agent in charge at the FBI's Minneapolis Division. “In this case, there were thousands of victims who lost millions of dollars, but the use of the media Internet site is concerning because it has the potential to undermine the public's access to information, a pillar of American democracy.”