How an international cybercriminal hijacked computers through a MN website

Charges against Peteris Sahurovs reveal how he allegedly stole millions of dollars via a Minnesota website.

A Latvian man is accused of sneaking malware onto people's computers through one of Minnesota's most prominent websites – getting millions of dollars in the process.

Peteris Sahurovs was in a Minneapolis courtroom Monday, seven years after authorities say he hijacked fake ads on StarTribune.com to install malicious code on PCs. That code would take over someone's computer with virus warnings, and make them pay money for fake anti-virus software that would solve the problem.

The 28-year-old Sahurovs, and others involved in the conspiracy, raked in more than $2 million through the scheme, relying on some digital trickery to make it happen, authorities said.

How they did it

According to the indictment (made available by the FBI):

On Feb. 17, 2010, Sahurovs and another suspect sent an email to the Star Tribune claiming to be an online advertising company (which doesn't actually exist) based in Miami. They said they represented Best Western Hotels (which was false), and wanted to buy ad space on StarTribune.com.

The ads started running on Feb. 19, and for the first two days they directed people to a Netherlands-based server that showed a Best Western ad image.

But on Feb. 21, Sahurovs and a cohort secretly replaced the code in the ad. From then on, it instead sent users to a server in Latvia, which bombarded their computers with malware.

The malware made a "Windows Security Alert" pop up (which was of course not from Windows), saying: the computer is infected, do a scan by clicking here, and then buy this software for $49.95 to fix it.

Anyone who didn't buy the software would see their computer taken over by pop-ups, and their files would be inaccessible.

The Star Tribune, realizing users were having slow system performance and crazy pop-ups, pulled the ads within about a day, and notified authorities.

What's happening now

Sahurovs was at one point the FBI's fifth most wanted cybercriminal in the world. He'd been arrested in Latvia in June 2011 over this StarTribune.com scheme, but was released by courts there and fled, the FBI says.

More than five years later, in November of 2016, he was arrested again. He was recently extradited to the U.S. and appeared in a federal courtroom in Minneapolis Monday. The FBI says in a summary that more than 1 million people were victimized.

A spokesperson for the Star Tribune told GoMN that, since it's an ongoing legal issue, they don't have a specific comment. But they are "grateful for the dogged efforts of local and international law enforcement" that have worked on the investigation.

Sahurovs is charged with a couple counts of wire fraud, a count of conspiracy to commit wire fraud, and unauthorized access of a computer. He's also suspected of doing the same to other businesses, the FBI says in his public file.

More on 'scareware'

The malware Sahurovs is accused of using is a type of "scareware."

That's because it claims your computer is infected by a virus/viruses that don't actually exist. Then the scareware says it can "fix" the computer if you buy their "anti-virus" product. It's all fear-based. (It's similar in some ways to a ransomware attack, in that it holds your computer hostage – but less overt about its motives.)

The FBI suggests always making sure your computer has the latest updates, and has a legit anti-virus program you're familiar with.

The FBI's 2015 internet crime report found there were 43 malware/scareware victims in Minnesota that year, out of 3,294 total such attacks in the U.S.
