A Russian man, who helped develop the notorious malware called "Citadel" designed to steal personal financial information, was sentenced to five years in prison on Wednesday (20 July). Mark Vartanyan, also known as "Kolypto", pleaded guilty in March to one count of computer fraud after he reached a deal with federal prosecutors.
The 29-year-old man was arrested in Norway in October 2014 and was extradited to the US in December 2016. US District Court Judge said Vartanyan would receive two years of credit for time served in Norway prior to his extradition.
While living in Ukraine and Norway from 2012 to 2014, Vartanyan allegedly helped in the development, improvement, maintenance and distribution of Citadel, a malware toolkit designed to infect computer systems and steal financial account details, personal data and other sensitive information from targeted computer networks.
Threat actors who used the sophisticated malware targeted and exploited the networks of major financial and government institutions across the globe, including several US financial firms. According to industry estimates, Citadel infected about 11 million computers globally, resulting in over $500m in losses.
"Mark Vartanyan utilized his technical expertise to enable Citadel into becoming one of the most pernicious malware toolkits of its time, and for that, he will serve significant time in federal prison," US Attorney John Horn said in a statement, Reuters reports.
Federal prosecutor Steven Grimberg said they asked for a five-year sentence because the Moscow native had immediately shown remorse for his actions and began helping the US government in its investigation, the Associated Press reports.
"I have rarely come across an individual who has been as sorry for his role as Mark Vartanyan," Grimberg told the judge.
Vartanyan is the second individual charged in connection with the development and distribution of Citadel malware.
In September 2015, 22-year-old Dimitry Belorossov, also known as "Rainerfox" from St. Petersburg, Russia, was sentenced to four years and six months in prison after he pleaded guilty to conspiring to commit computer fraud for distributing and installing Citadel onto targeted computers using various infection methods.