
FBI War on Cybercrime Update

The FBI has announced 15 arrests, indictments, seizures, and prison sentences this year in its war on cybercrime

As the investigative arm of the U.S. Department of Justice, the Federal Bureau of Investigation is charged with investigating cyberattacks and intrusions that affect organizations such as power utilities, telecommunications networks, hospitals, schools, and other infrastructure vital to our communities. The FBI leads law enforcement actions against individuals engaging in cybercrime, collaborates with international agencies to address transnational crimes, and works with U.S. Attorneys to prosecute cybercriminals.

Year-to-date, the FBI has announced 15 arrests, seizures, indictments, operational disruptions, and prison sentences for cybercriminals. The small sample below offers a sense of the scale and variety of these cybercrimes and the associated penalties.

Cryptocurrency and money laundering played a role in financing a number of these cybercrimes, and in multiple cases criminals operated online marketplaces for the purpose of selling cybercrime tools and stolen data.

 

Disabling Money Laundering Operations That Finance Cybercrime

On March 7, 2025, the Justice Department announced a coordinated action with Germany and Finland to take down the online infrastructure used to operate Garantex—a cryptocurrency exchange that enabled money laundering by transnational criminal organizations, including terrorist organizations. Garantex has processed some $96 billion in cryptocurrency transactions since 2019. German and Finnish law enforcement seized servers hosting Garantex operations, and U.S. law enforcement froze more than $26 million in funds that were used to facilitate the money laundering activities.

The DOJ also unsealed an indictment against Aleksej Besciokov, 46, a Lithuanian national and Russian resident, and Aleksandr Mira Serda (AKA Aleksandr Ntifo-Siaw), 40, a Russian national and United Arab Emirates resident. Each is charged with conspiracy to commit money laundering, which carries a maximum penalty of 20 years in prison. Besciokov is also charged with conspiracy to violate the International Emergency Economic Powers Act (maximum penalty 20 years in prison) and conspiracy to operate an unlicensed money transmitting business (maximum penalty five years in prison).

On March 27, 2025, the DOJ announced that a scheme to finance terrorism was disrupted by the seizure of more than $200,000 in cryptocurrency intended to benefit Harakat al-Muqawama al-Islamiyya (HAMAS). The seized funds were traced from fundraising addresses that have been used to launder more than $1.5 million in virtual currency since October 2024.

Per court documents, a HAMAS-related group chat on an encrypted communications platform provided HAMAS supporters worldwide with at least 17 cryptocurrency addresses that accepted donations and were changed frequently to avoid detection. Among other assets seized by the FBI were accounts containing cryptocurrency valued at $111,500 that were registered in the names of Palestinian individuals living in Turkey and elsewhere.

According to an FBI spokesperson, “Countering terrorism remains the FBI’s number one priority. This success demonstrates that financial warfare is a critical component to fight terrorism.”

Disrupting Ransomware Extortion

Ransomware continues to figure prominently in the war on cybercrime. In February 2025, the DOJ unsealed 11 counts of criminal charges against Roman Berezhnoy, 33, and Egor Nikolaevich Glebov, 39, both Russian nationals, whose ransomware schemes victimized more than 1,000 public and private entities in the U.S. and globally, including a children’s hospital and three healthcare organizations in the U.S. In all, the two extorted more than $16 million in Bitcoin ransom payments. The men were arrested in February in a coordinated international disruption of their criminal organization including more than 100 servers that supported the criminal network.

According to the press release, Berezhnoy, Glebov, and others hacked into victim computer networks, copied and stole files and programs on the victims' networks, and encrypted the original versions of the stolen data with Phobos ransomware. They then extorted the victims for ransom payments in exchange for decryption keys to regain access to their encrypted data.

Berezhnoy and Glebov face decades in prison, including a maximum penalty of 20 years for each count of wire fraud, 10 years for each count of computer damage, and five years for each of the other crimes.

Shutting Down Nemesis Market for Illegal Drug Trafficking

In a major victory in the war on cybercrime, on April 17, 2025, a DOJ press release announced that a federal grand jury had charged Behrouz Parsarad, 36, of Tehran, Iran, for his role in founding and operating Nemesis Market, a dark web marketplace for illegal drugs and criminal cyber-services. U.S. law enforcement, in cooperation with German and Lithuanian authorities, seized Nemesis Market on March 20, 2024, and stopped the flow of drugs.

Between 2021 and 2024, Nemesis Market processed more than 400,000 orders. More than 55,000 orders were categorized as stimulants, which included methamphetamine, cocaine, cocaine base (crack), and other controlled substances. More than 17,000 orders were categorized as opioids, including fentanyl, heroin, and oxycodone.

Parsarad faces a mandatory minimum penalty of 10 years in federal prison and a maximum penalty of life in prison for distribution of controlled substances. He is also charged with money laundering, using proceeds to promote illegal drug dealing, and offering money laundering services through Nemesis Market.

Closing Websites That Sell Stolen Data and Hacking Tools

On January 30, 2025, the DOJ announced a multinational operation involving the U.S., Romania, Australia, France, Germany, Spain, Italy, and Greece to disable the infrastructure of two online cybercrime marketplaces known as Cracked and Nulled.

Cracked had been selling stolen login credentials, hacking tools, servers for hosting malware and stolen data, and other tools enabling cybercrime and fraud since March 2018. Cracked had over four million users and over 28 million posts advertising cybercrime tools and stolen information, generated some $4 million in annual revenue, and impacted at least 17 million victims from the U.S. One product advertised on Cracked offered access to “billions of leaked websites” allowing users to search for stolen login credentials.

Nulled had been selling stolen login credentials, stolen identification documents, hacking tools, and other cybercrime tools since 2016. Nulled had over five million users and more than 43 million posts advertising cybercrime tools and stolen information, and generated approximately $1 million in yearly revenue. One product advertised on Nulled purported to contain the names and social security numbers of 500,000 American citizens. The DOJ seized the Nulled website domain and revealed charges against administrator Lucas Sohn, 29, an Argentinian national residing in Spain. Sohn faces a maximum penalty of 30 years in prison: 15 years for identity fraud, 10 for access device fraud, and five years for conspiracy to traffic in passwords.

Also in January 2025, in coordination with Dutch national police, the FBI seized 39 cybercrime websites and their servers and disabled a Pakistan-based international network of online marketplaces selling hacking and fraud-enabling tools. According to the affidavit, Saim Raza (AKA HeartSender) has used these sites since at least 2020 to sell phishing kits, scam pages, and email extractors to transnational organized crime groups.

Saim Raza trained new buyers with YouTube videos explaining how to conduct scams using the malicious programs, and advertised its tools as “fully undetectable” by antispam software. The cybercriminals who purchased these tools primarily used them to facilitate business email compromise (BEC) schemes in which they tricked victim companies into making payments to a third party, defrauding U.S. victims of over $3 million. The tools were also employed to acquire user credentials for fraudulent purposes.

As a final sample of the FBI's recent war on cybercrime, an American-based criminal marketplace, BreachForums, created and operated by Conor Brian Fitzpatrick, 22, of Peekskill, New York, enabled cybercriminals to buy, sell, and trade hacked or stolen data and other contraband. Some 14 billion stolen records included bank account information, social security numbers, other personally identifiable information (PII) and IDs, and account login information for compromised online accounts with service providers and merchants. The marketplace also offered hacking tools and services.

In an unusual set of circumstances, in January 2025, Nonstop Health, an insurance company whose healthcare data was stolen in 2023 and posted for sale on BreachForums, agreed to settle a class action suit against it with a payment of $1.5 million. Fitzpatrick was added to the lawsuit as a third party defendant following his arrest by the FBI, and in May 2025 forfeited criminal proceeds of nearly $700,000 in his share of the settlement.

Although prosecutors had sought a 16-year prison term reflecting the nature and scope of his crimes, Fitzpatrick initially received a lenient sentence allowing for time served plus 20 years of supervised release. In January 2025, an appeals court vacated the original sentence, ruling that the lower court failed to adequately consider (1) the gravity of Fitzpatrick’s crimes, (2) his lack of remorse during the proceedings, including threatening to sell government secrets to foreign nations, and (3) his blatant violation of court-ordered internet restrictions. Resentencing is pending.

Summary

Cybercrime is relentless and is rarely victimless. With online markets making it easy for cybercriminals to sell their stolen data, personal information will continue to be stolen and sold. With dark websites laundering money for criminal causes, funds will continue to be raised and laundered. Every shuttered money laundering site, every blown ransomware operation, every closed criminal marketplace means that cybercriminals have to work harder to profit.

While it takes the combined power of the FBI, its parent DOJ, and their domestic and international law enforcement partners to wage the war on cybercrime, public organizations and private businesses have an important role to play. To learn more about what you can do, contact us. We have services, tools, and other resources to help you reduce cybercrime by securing your organization, protecting your systems, and safeguarding your data.

 

David Jost

David Jost is the Chief Revenue and Client Engagement Officer of 24by7Security Inc. David is Certified in Cybersecurity and is a member of InfraGard. David holds an MBA in Strategic Management and Marketing with a focus on Digital Strategy from the University of Minnesota’s Carlson School of Management. He is a featured speaker and guest expert on innovation, digital transformation, marketing, and technology for the Business Journals, South Florida Interactive Marketing Association, Florida Diversity Council, and more. David blends 25+ years of technology, marketing, advertising, enterprise software (SaaS), management, and digital transformation success across entrepreneurial and corporate environments as well as various technology and media startups, including TMP Worldwide (Radancy), Arreva, CBS Television, McClatchy, Tribune Company, Papirfly, and others. Subscribe to the 24by7Security blog to learn more from David.
