The warning came soon after the US announced that it was extraditing Glib Oleksandr Ivanov-Tolpintsev (28, of Chernivtsi, Ukraine) over alleged conspiracy, trafficking in unauthorised access devices, and trafficking in computer passwords.
Groove made its presence felt recently by leaking half-a-million credentials for users of Fortinet's VPN services.
The warning was tweeted out by veteran ransomware researcher Brett Callow, who works with the New Zealand-based security outfit Emsisoft.
"In the specific case mentioned, the Ukrainian citizen was picked up in Poland and extradited to the US from there," he added, information that was contained in the US media statement.
Translation via Google: If the government of Ukraine does not stop the extradition of its citizens to the United States, we will begin extortion operations against their public sector (Private CIS companies are not interesting) pic.twitter.com/niQGaiovlb — Brett Callow (@BrettCallow) September 9, 2021
It said Ivanov-Tolpintsev was arrested in Korczowa, Poland, on 3 October 2020, and extradited to the US on 7 September this year.
It alleged he had controlled a botnet, which he used to conduct brute-force attacks designed to decrypt numerous computer login credentials simultaneously.
"During the course of the conspiracy, Ivanov-Tolpintsev stated that his botnet was capable of decrypting the login credentials of at least 2000 computers every week," the statement said.
"Ivanov-Tolpintsev then sold these login credentials on a dark web website that specialised in the purchase and sale of access to compromised computers.
"Once sold, credentials were used to facilitate a wide range of illegal activity, including tax fraud and ransomware attacks."