
Ukrainian sentenced to five years in jail for work on Raccoon Stealer


Ukrainian national Mark Sokolovsky was sentenced Wednesday to five years in federal prison for his role in operating Raccoon Infostealer malware, which infiltrated millions of computers worldwide to steal personal data.

According to court documents, Sokolovsky, 28, was integral to operations that allowed the leasing of Raccoon Infostealer for $200 per month, payable via cryptocurrency. Users predominantly deployed this malware through phishing schemes to extract data from unsuspecting victims. The stolen data included log-in credentials, financial information, and other personal records, often used for financial crimes or sold on cybercrime forums.

Raccoon Infostealer, a potent tool in the cybercriminal arsenal, was dismantled by international law enforcement, alongside Sokolovsky’s arrest, in March 2022. In October 2022, a grand jury indicted Sokolovsky — also known as “Photix,” “raccoonstealer,” and “black21jack77777” — on charges including conspiracy to commit fraud, money laundering, and aggravated identity theft. He was extradited from the Netherlands to the U.S. in February.


In a plea deal reached in October, Sokolovsky agreed to forfeit $23,975 and pay restitution of at least $910,844.61. His actions were linked to compromising over 52 million user credentials, which facilitated fraud, identity theft, and ransomware attacks affecting victims worldwide.

U.S. Attorney Jaime Esparza for the Western District of Texas described Sokolovsky as a pivotal figure in an international conspiracy that enabled amateurs to commit significant cybercrimes. He praised the teamwork of international law enforcement in capturing Sokolovsky and promised to keep working hard to fight cybercrime.

The Raccoon Infostealer had reportedly claimed to cease operations in March 2022 following the death of a developer in the Russian invasion of Ukraine. However, reports suggested a resurgence of the malware by June 2022. 

Written by Greg Otto

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University.
