Security News > 2023 > February > Russian Hacker Pleads Guilty to Money Laundering Linked to Ryuk Ransomware
A Russian national on February 7, 2023, pleaded guilty in the U.S. to money laundering charges and for attempting to conceal the source of funds obtained in connection with Ryuk ransomware attacks.
"Between at least August 2018 and August 2021, Dubnikov and his co-conspirators laundered the proceeds of Ryuk ransomware attacks on individuals and organizations throughout the United States and abroad," the Department of Justice said.
According to DoJ, a chunk of the 250 Bitcoin ransom paid by a U.S. company in July 2019 after a Ryuk attack was sent to Dubnikov in exchange for about $400,000.
Dubnikov is also the co-founder of Coyote Crypto and Eggchange, with the latter headquartered in Federation Tower East, a supertall skyscraper known to harbor several cryptocurrency businesses with ties to money laundering associated with ransomware operations.
According to Chainalysis, Eggchange received over $34 million worth of cryptocurrency from darknet markets, scams, fraud shops, and ransomware operators between 2019 and 2021.
Often delivered through first-stage malware such as TrickBot or BazarBackdoor, Ryuk is also a precursor to the Conti ransomware, which shuttered its operations in May 2022 and splintered into smaller units.
News URL
https://thehackernews.com/2023/02/russian-hacker-pleads-guilty-to-money.html
Related news
- U.S. Sanctions Two Crypto Exchanges for Facilitating Cybercrime and Money Laundering (source)
- U.S. Offers $10 Million for Info on Russian Cadet Blizzard Hackers Behind Major Attacks (source)
- Microsoft: Vanilla Tempest hackers hit healthcare with INC ransomware (source)
- US sanctions crypto exchanges used by Russian ransomware gangs (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- 100+ domains seized to stymie Russian Star Blizzard hackers (source)
- Pro-Ukrainian Hackers Strike Russian State TV on Putin's Birthday (source)
- US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (source)
- Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks (source)
- Four REvil Ransomware Members Sentenced in Rare Russian Cybercrime Convictions (source)