U.S. seizes $2.8 million in crypto from Zeppelin ransomware operator

The U.S. Department of Justice (DoJ) announced the seizure of more than $2.8 million in cryptocurrency from suspected ransomware operator Ianis Aleksandrovich Antropenko.

Antropenko, indicted in Texas for computer fraud and money laundering, was linked to Zeppelin ransomware, a now-defunct extortion operation that ran between 2019 and 2022.

In addition to the digital asset seizure, authorities also confiscated $70,000 in cash and a luxury vehicle.

“Antropenko used Zeppelin ransomware to target and attack a wide range of individuals, businesses, and organizations worldwide, including in the United States,” reads the U.S. DoJ announcement.

“Specifically, Antropenko and his coconspirators would encrypt and exfiltrate the victim’s data, and typically demand a ransom payment to decrypt the victim’s data, refrain from publishing it, or to arrange for the data’s deletion.”

After receiving the ransom payments, Antropenko attempted to launder the funds through the coin-mixing service ChipMixer, which was seized by authorities in March 2023.

Other money laundering methods Antropenko used include crypto-to-cash exchanges and structured deposits, meaning breaking large sums into smaller deposits to avoid bank reporting requirements.

The Zeppelin ransomware emerged in late 2019 as a new variant of the VegaLocker/Buran ransomware, targeting healthcare and IT companies through flaws in MSP software.

In 2021, following a period of dormancy, Zeppelin operators returned with updated versions, though the encryption scheme used in subsequent attacks showed signs of sloppiness.

By November 2022 the Zeppelin operation was essentially defunct. It was revealed at the time that security researchers from Unit221b had been able to obtain the decryption keys and help victims recover their data for free since early 2020.

In January 2024, news emerged that the Zeppelin ransomware source code had been sold on a hacking forum for just $500.

The indictment against Antropenko shows that evidence can lead to the unmasking of ransomware operators even years after they have ceased their cybercriminal activity.

The seizure of the $2.8 million believed to be ransom proceeds follows other similar actions the U.S. government announced recently, including the confiscation of cryptocurrency worth $1 million from the BlackSuit ransomware operation and $2.4 million worth of Bitcoin from Chaos ransomware.

Seizing crime proceeds is significant in the fight against ransomware, especially in cases where no arrests are made, because it prevents operators and affiliates from using those funds to rebuild infrastructure or recruit new members.
