Zain Qaiser, a 25-year old British hacker who was sentenced to six-and-a-half-years in prison for targeting millions of computer users in more than twenty countries with ransomware attacks, has now been ordered by a court to hand over £270,864.47 from the proceeds of his crime.
Zain Qaiser was sentenced to six-and-a-half years in prison in April this year for blackmailing computer users into paying more than £700,000 in ransom between 2012 and 2018 to regain control of their devices.
According to the National Crime Agency, Qaiser created an online account named K!NG and used fraudulent identities and bogus companies to purchase large amounts of advertising traffic from pornographic websites. Once advertising space was obtained on a pornographic website, Qaiser and his cyber-crime associates hosted and posted advertisements laced with malware.
When visitors to such websites clicked on malicious advertisements, they were redirected to a malicious website that hosted highly-sophisticated malware strains including the infamous Angler Exploit Kit (AEK) as well as a payload called Revetron that was capable of locking a user's browser.
"Once locked, the infected device would display a message purporting to be from a law enforcement or a government agency, which claimed an offence had been committed and the victim had to pay a fine of anything between $300-$1,000 in order to unlock their device. The campaign infected millions of computers worldwide across multiple jurisdictions," the NCA noted.
Once targeted users paid the ransom in virtual currency to regain control over their devices, Qaiser would reroute the money back to himself through a complex web of pre-loaded credit cards, fraudulent identities, and cryptocurrency to make such transactions difficult to detect.
Even when online advertising agencies caught wind of Qaiser's criminal activity, he blackmailed them by threatening to destroy their servers and also carried out two DDoS attacks which cost these agencies at least £500,000 through lost revenue and mitigation costs.
Kingston Crown Court orders Qaiser to hand over £270,864.47
Earlier this month, the NCA announced that the Kingston Crown Court has ordered Qaiser to hand over £270,864.47 based on an assessment of his available assets, failing which his six-and-a-half-year prison sentence will be extended by another two years.
Based on a detailed investigation centred around Qaiser's activities, NCA revealed that the hacker earned hundreds of thousands of pounds through his criminal activities and spent the proceeds of his criminality on stays in high-end hotels, prostitutes, gambling, drugs and luxury items including a £5,000 Rolex watch.
The agency also found that Qaiser spent £68,000 on gambling in a London casino during a 10-month period and also operated a series of financial accounts, including an overseas crypto-currency account, that received in excess of £100,000 over several years.
"Zain Qaiser was an integral part of a highly sophisticated cyber crime group. He assisted the group in generating millions of pounds in ransom payments by blackmailing countless victims, from which he himself profited hugely.
"This was an extremely long-running and complex investigation which proves that we will use all the tools at our disposal to ensure cyber criminals are brought to justice and cannot continue to benefit from their illicit earnings," said Nigel Leary, Head of Operations in the NCA’s National Cyber Crime Unit.