Decrypt LOL

Mikhail Shefel Identified as Cybercriminal "Rescator"

Quick take - In December 2023, Mikhail Shefel was identified as the cybercriminal known as “Rescator,” who sold over 100 million stolen payment cards. He later revealed his identity in an interview, citing financial difficulties and a desire for publicity for new ventures, and he faces legal challenges including charges related to a ransomware program.

Fast Facts

  • Mikhail Shefel, known as the cybercriminal “Rescator,” was identified by KrebsOnSecurity in December 2023 and has sold over 100 million stolen payment cards from major retailers like Target and Home Depot.
  • Shefel revealed his identity due to financial struggles and a desire for publicity for new business ventures, having legally changed his last name to Lenin.
  • He has a background as vice president of payments at ChronoPay, a company linked to various online scams, and admitted to operating multiple websites selling stolen card data from 2013 to 2015.
  • Shefel faces legal challenges, including charges related to the “Sugar” ransomware, and is scheduled for a court appearance in November 2024, while his associate Ermakov received a two-year probation sentence.
  • Despite his criminal past, Shefel claims to be struggling to find legitimate work and has proposed new business ideas, including a pyramid scheme and password recovery services.

Mikhail Shefel Identified as “Rescator”

In December 2023, KrebsOnSecurity identified Mikhail Shefel as the individual behind the cybercriminal alias “Rescator.” Shefel gained notoriety for selling over 100 million stolen payment cards from retail giants Target and Home Depot between 2013 and 2014. He confirmed his identity as Rescator in a recent interview, citing financial difficulties and a desire for publicity for his new business ventures as reasons for his revelation. Notably, Shefel has legally changed his last name to Lenin.

Background and Criminal Activities

Shefel’s background includes a significant role as vice president of payments at ChronoPay, a Russian financial company known for its involvement in various online scams. Shefel did not respond to inquiries regarding his partnership with Aleksandr Ermakov, who has been sanctioned for data theft. In April 2023, reports emerged linking Shefel to the theft of Social Security and tax information from South Carolina residents in 2012. Shefel admitted to operating multiple websites that sold stolen payment card data from 2013 to 2015.

He claimed that Ukrainian hacker Dmitri Golubov was the mastermind behind the breaches at Target and other retailers. Golubov is recognized as a co-founder of Carderplanet, an early Russian-language cybercrime forum. Shefel stated that during his tenure as technical director of a cybercrime community called Lampeduza, he and his team developed malware utilized in the breaches. He also asserted that he introduced Golubov to another hacker known as Helkern, who was said to be subordinate to Golubov.

Financially, Shefel reported earning several hundred thousand dollars from selling stolen cards but later claimed to have been cut out of the business by Golubov. Notably, Golubov had been arrested in 2005 but avoided prosecution and subsequently transitioned into a political career in Ukraine. Following his ousting from the card-selling business, Shefel attempted ventures in a now-defunct search engine and operated a business that compensated users for clicking on ads. He eventually returned to selling malware coding services under the alias “Getsend.”

Shefel’s recent outreach appears to be driven by a need to promote new business ventures, including a pyramid scheme. He contends that he is facing financial struggles and legal challenges, including charges related to a ransomware program named “Sugar.” In February 2024, Shefel and Ermakov were arrested for their involvement with the Sugar ransomware, which specifically targeted individual users. Shefel is scheduled to face charges in a Moscow court on November 15, 2024, while Ermakov received a two-year probation sentence for his role.

It is noteworthy that Russian authorities typically do not prosecute hackers who refrain from targeting local businesses and consumers. Shefel speculates that his prosecution may be influenced by Pyotr Vrublevsky, the son of Shefel’s former boss at ChronoPay. Pavel Vrublevsky, the founder of ChronoPay, has encountered legal troubles, including bankruptcy and fraud accusations. Pyotr Vrublevsky has been accused of running a narcotics advertising campaign and is currently residing in Switzerland. Despite his criminal history, Shefel presents himself as struggling to find legitimate work and has proposed a business partnership focused on password recovery or online retail.
