Microsoft network engineer faces charges linked to Reveton ransomware

A Microsoft network engineer faces federal money laundering and conspiracy charges connected to Reveton ransomware.

What is Reveton ransomware?

After a computer was infected with Reveton ransomware, the screen would lock and a fake message purportedly from the FBI or other law enforcement agency would claim the user had violated federal law; viewing and/or distributing porn was often cited as the law which was violated. The user was informed that a fine had to be paid to unlock their PC.

The FBI regarded Reveton ransomware as “new” back in August 2012. The use of the FBI logo was so popular with this ransomware that some people referred to it as FBI ransomware.

Uadiale charged with money laundering, conspiracy

Raymond Uadiale, 41, is accused of helping to launder money paid by victims of Reveton, as well as conspiracy. He pleaded not guilty to both charges last week in federal court in Fort Lauderdale, Florida.

The Sun Sentinel reported, “The judge did a double take when he heard that Uadiale has been working for Microsoft in the Seattle area since 2014. ‘Cybersecurity, don’t tell me?’ U.S. Magistrate Judge Barry Seltzer quipped. ‘Are they aware of the charges?’”

Microsoft, where Uadiale works as a network engineer, is reportedly aware of the charges, which allegedly stemmed from Uadiale’s actions before he worked for Microsoft.

Laundering money from Reveton ransomware victims

According to court documents, prosecutors claim Uadiale was involved with laundering money obtained from Reveton ransomware victims from “at least October 2012 through at least March 2013.” They claim Uadiale, using the online name Mike Roland, worked with a U.K. man who was using the online name of K!NG.

K!NG allegedly would distribute ransomware, including Reveton, as well as collect the ransom. Victims didn’t pay in bitcoins, but by entering the code found on GreenDot MoneyPak prepaid cards.

Uadiale allegedly obtained prepaid debit cards and, using the online alias of Mike Roland, would use an unnamed messaging program to send K!NG the account numbers for the prepaid cards.

Prosecutors claim that K!NG would transfer the “victims’ ransomware payments from GreenDot MoneyPaks to the prepaid debit card account numbers provided by Uadiale.” Then K!NG “would message Uadiale the last four digits of the loaded prepaid debit cards and the amount loaded on each.”

Uadiale was allegedly responsible for sending a portion of the ransom back to K!NG through Liberty Reserve. Court documents claim “Uadiale would then withdraw the loaded ransomware payments from the prepaid debit cards as cash at automated-teller-machine or point-of-sale locations.”

Uadiale would take the withdrawn money and send part of it to K!NG through the digital currency service Liberty Reserve. The service was shut down in May 2013 by the U.S. government for being used by cyber thugs to launder money.

Prosecutors claim K!NG and Uadiale collected $130,000 in ransom. Uadiale allegedly got 30 percent of it, while K!NG got 70 percent.

Uadiale, who was born in Nigeria but became a U.S. citizen, is free on a $100,000 bond. Uadiale’s attorney claimed his client never met K!NG in person. According to the Sun Sentinel, Uadiale’s lawyer said, “These events occurred about five years ago, and it was for an extremely short period of time. Mr. Uadiale has been extremely responsible and cooperative in this case.”