The Department of Justice (DoJ) on Tuesday unveiled charges against an alleged operator of the Raccoon Infostealer malware, which it said has infected millions of computers. The DoJ also revealed that the FBI and law enforcement partners had dismantled the malware’s infrastructure in March.
Raccoon Infostealer was one of the most prolific information stealers in 2021 due to its ability to be easily customized and its ease of use. Since 2019, Raccoon Infostealer was sold as a service for $200 a month. Cybercriminals could use spear phishing, fake installers and other tactics to infect victims with the malware and steal personal data, such as login credentials or financial data.
On Tuesday, the DoJ said that a 26-year-old Ukrainian national, Mark Sokolovky, had been arrested in March by Dutch authorities and was being charged for his alleged role in conspiring to operate the infostealer as a service. Sokolovky is currently being held in the Netherlands pursuant to an extradition request by the U.S., according to the DoJ.
“This case highlights the importance of the international cooperation that the Department of Justice and our partners use to dismantle modern cyber threats,” said Deputy Attorney General Lisa O. Monaco in a statement. “As reflected in the number of potential victims and global breadth of this attack, cyber threats do not respect borders, which makes international cooperation all the more critical.”
Sokolovsky could potentially face up to 20 years in prison for wire fraud and money laundering offenses, five years for conspiracy to commit computer fraud and a two-year term for aggravated identity theft, according to U.S. authorities.
In addition to charges against Sokolovsky, the U.S. said that the FBI had partnered with law enforcement agencies in Italy and the Netherlands in order to bring down the infrastructure supporting Raccoon Infostealer and take its then existing version offline.
Since then, the FBI has collected data that had been stolen from computers infected with Raccoon Stealer and said it has identified more than 50 million unique credentials (including four million email addresses) and forms of authentication, including bank accounts, cryptocurrency addresses and credit card numbers. The FBI also created a website (raccoon.ic3.gov) where potentially impacted victims can input their email address in order to determine if it is part of the U.S. government’s retained repository of Raccoon Infostealer stolen data.
Over the past year the U.S. government has worked with other law enforcement and technology partners to disrupt or dismantle malicious infrastructure and arrest attackers behind various cybercrimes, from business email compromise (BEC) to malware attacks.
“We have once again leveraged our unique authorities, world-class capabilities, and enduring international partnerships to maximize impact against cyber threats,” said FBI Deputy Director Paul Abbate in a statement. “We will continue to use all available resources to disrupt these attacks and protect American citizens.”