Microsoft engineer charged with money laundering over Reveton ransomware

Alleged ransomware mastermind faces up to 20 years in prison if found guilty

A Microsoft employee has been arrested on suspicion of infecting victims with the Reveton ransomware, and money laundering.

Forty-one year-old Raymond Uadiale, who worked as a network engineer for the software giant, faces a 20-year federal prison sentence for playing a key role in the global ransomware campaign, if found guilty.

Between 2012 and 2013, it is believed that the Microsoft engineer teamed up with a British hacker - dubbed K!NG - to prey on people using the Reveton ransomware.

Law enforcement officials explained that the UK citizen installed the ransomware onto victim's computers, while Uadiale looked after the financial side. He would transfer payments to K!NG.

Reveton is one of the earliest strains of ransomware. When a cyber criminal installs it into someone's computer, their screen is instantly locked and they cannot gain re-entry until they pay a ransom fee.

"Trojan:W32/Reveton is a ransomware application. It fraudulently claims to be from a legitimate law enforcement authority and prevents users from accessing their infected machine, demanding that a 'fine' must be paid to restore normal access," according to security firm F5 Labs.

"After the Trojan successfully infects a machine, it will prevent the user from accessing the desktop and will display a fraudulent message alleging that the system was locked by a local law enforcement authority.

"The specific authority mentioned varies depending on the affected user's location, though most of the samples we have seen mainly mentioned various European authorities."

In the past, most ransomware attacks have demanded payment in Bitcoin. However, in this particular attack, the hackers asked victims to purchase GreenDot MoneyPak vouchers - a form of bank pre-payment debit card.

The victims had to enter the voucher code into a screen locker, and from here, K!NG would transfer the money to a debit card obtained by Uadiale.

Throughout the campaign, Uadiale used the fake name of Mike Roland. After shifting the money into Liberty Reserve, a centralised digital currency based in Costa Rica, the attackers pocketed more than $130,000.

Uadiale used Liberty Reserve as a form of money laundering. However, Liberty Reserve was closed down by US authorities in May 2013 and its servers seized. The creator of Liberty Reserve was sentenced to 20 years in prison in May 2016.

If convicted of the charges, Uadiale could spend up to 20 years in prison and be ordered to pay a $500,000 fine. He is currently on bail.