Cyber Risk

Russian sentenced in U.S. to five years prison for 'Citadel' malware

A man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel

(Reuters) - A Russian man who U.S. prosecutors say played a role in developing the sophisticated malware known as “Citadel” used to steal personal financial information from thousands of computers worldwide was sentenced on Wednesday to five years in prison.

Mark Vartanyan, known online as “Kolypto,” was sentenced by U.S. District Court Judge Mark Cohen in Atlanta after pleading guilty in March to computer fraud, federal prosecutors said.

The sentence includes credit for the about two years that Vartanyan spent in Norwegian custody before he was extradited to the United States in December. A lawyer for Vartanyan declined to comment.

Prosecutors said that Vartanyan from 2012 to 2014 while living in the Ukraine and Norway helped develop, improve and maintain Citadel, which was designed to steal financial and personal identification information from computer networks.

Citing industry estimates, prosecutors said that Citadel infected about 11 million computers worldwide and caused over $500 million in losses.

“Mark Vartanyan utilized his technical expertise to enable Citadel into becoming one of the most pernicious malware toolkits of its time, and for that, he will serve significant time in federal prison,” U.S. Attorney John Horn said in a statement.

Vartanyan was the second person to be sentenced in connection with the investigation of the Citadel malware.

In 2015, Dimitry Belorossov, a Russian national who prosecutors said distributed and installed Citadel onto computers, was sentenced to 4-/12 years in prison after pleading guilty to conspiring to commit computer fraud.

Reporting by Nate Raymond in Boston; Editing by Andrew Hay