Latvian man indicted for “scareware” hacking scheme on Minneapolis Star-Tribune’s website

A Latvian man was recently extradited from Poland to face charges in Minneapolis regarding his involvement in a “scareware” hacking scheme, which targeted the website of the Minneapolis Star-Tribune and caused millions of dollars in losses.

Peteris Sahurovs, known by the hacker pseudonyms “Piotrek” and “Sagade”, was originally indicted for charges of wire fraud, computer fraud, and conspiracy back in 2011. After being arrested and indicted in Latvia in June of that year, Sahurovs fled the country soon after his release. In November 2016, he was located by Polish law enforcement and subsequently transferred to the United States to face his charges.

At the time of his arrest, Sahurovs was the Federal Bureau of Investigation’s (FBI) fifth most-wanted cybercriminal.

According to court documents, Sahurovs and a team of hackers posed as a fraudulent advertising agency that represented a hotel chain that wanted to purchase ad space on the Star-Tribune’s website.

Soon after the ads began running on the website, Sahurovs’ hacker team altered the computer code within the ads so that visitors to the Star-Tribune website also became infected with the malware.

Scareware is a type of malware that acts as a legitimate security software product that “detects” a variety of threats on affected computers that do not actually exist. Once the malware infects a computer, victims are subjected to a series of aggressive notifications prompting users to pay a fee for an illegitimate “antivirus” software. Victims could only re-access their files after entering their credit card information.

The U.S. Department of Justice said the scheme netted Sahurovs’ hacking team more than $2 million.

The case is currently being investigated by the FBI’s Minneapolis Field Office.