Two years' jail for down-on-his-luck man who sold ransomware online

What do you do if you're down on your luck?

Maybe you struggled at school through no fault of your own. Perhaps you didn't manage to get any formal qualifications which would help you in the career you're interested in pursuing. Maybe your relationship with your partner - who you have had three kids with - has irrevocably broken down.

You've tried to set up your own business designing websites, but it's not giving you the life you want.

What do you do?

Well, I really hope you don't follow in the footsteps of 43-year-old Suleman Mazhar, who was sentenced by an Irish court at the end of last week, after a joint investigation by Ireland's Garda National Cyber Crime Bureau and the FBI.

Mazhar, of Douglas, Cork, has been jailed for two years after pleading guilty to offences related to his illegal online business that sold ransomware and other malware, as well as stolen credit card details, and false bank accounts.

According to reports, Mazhar made money by advertising his services via the CashoutEmpire website.

Unfortunately for Mazhar, his activities caught the attention of Ireland's cybercrime police, who arrested him in May 2022 at an apartment in Malbaun, County Cork. FBI officers were also present for Mazhar's arrest, as his criminal activities had stretched as far as the United States.

When questioned by police, Mazhar replied "no comment" to each question put to him. But he was found to be in possession of materials designed to create fake payment cards, and a substantial amount of Bitcoin, Ethereum, Litecoin, Dogecoin, Monero, XLM, Dash, and Cardano cryptocurrency.

Unemployed and on a Jobseekers Allowance, Mazhar told a court he was unable to raise bail, and spent months in custody waiting for trial.

Perhaps realising that things were not looking bright, Mazhar pleaded guilty earlier this month to laundering cryptocurrency, and crimes related to the sale of the malware and other services.

Jane Hyland, Mazhar's defence counsel, argued that her client should be shown leniency because his guilty plea had prevented a lengthy and perhaps complex trial. She also asserted that Mazhar had been operating on his own rather than being part of a gang.

As The Irish Times reports, Mazhar's defence team also claimed that Mazhar accepted full responsibility for what he had done and expressed "deep regret."

In all Mazhar is said to have laundered some €80,000 in cryptocurrency (presently worth €200,000 or over US $220,000) through a Coinbase account, knowing that it was the proceeds of crime.

Letters from both Mazhar and his former partner were taken into consideration by the court before the judge's sentence was announced.

Judge Helen Boyle acknowledged Mazhar's early guilty plea and the complexities of the case but highlighted the deliberate nature of his criminal enterprise. Mazhar was sentenced to two years in prison, with the term backdated to account for time already spent in custody .

“Assessing the gravity of the offence, you set up and controlled a website selling false credit cards and malware and you made €80,000 in cryptocurrency. That is now worth €200,000. This was a deliberate criminal enterprise set up and run by you. You controlled and interacted on the website. There was no evidence it was to assist a criminal organisation - you yourself were the criminal organisation," said the judge.

One can only hope that others considering cybercrime will recognise the potential consequences of their illegal activities online, and the commitment of law enforcement agencies to pursue those responsible.