On February 7, 2023, a Russian national named Denis Mihaqlovic Dubnikov pleaded guilty in the United States to money laundering charges and to attempting to hide the origin of funds obtained from Ryuk ransomware attacks. Dubnikov, 30, was arrested in Amsterdam in November 2021 and extradited to the US in August 2022.

From August 2018 to August 2021, Dubnikov and his co-conspirators laundered the proceeds of Ryuk ransomware attacks on people and organizations in the US and other countries. The Department of Justice said they used various criminal methods to cover up the money trail. For example, in July 2019, a US company paid a ransom of 250 Bitcoin to Dubnikov in exchange for about $400,000. The Bitcoin was then converted to Tether and sent to a co-conspirator, who exchanged it for Chinese Renminbi. In total, the criminals are believed to have laundered at least $150 million in ransom payments.

Dubnikov is also the co-founder of Coyote Crypto and Eggchange, which is based in Federation Tower East, a skyscraper known for housing cryptocurrency businesses linked to ransomware-related money laundering. According to Chainalysis, Eggchange received over $34 million worth of cryptocurrency from darknet markets, scams, fraud shops, and ransomware operators between 2019 and 2021.

Ryuk, which first appeared in 2018, is attributed to a threat actor known as Wizard Spider and has targeted government, university, healthcare, manufacturing, and technology organizations. It is usually delivered through the TrickBot or BazarBackdoor malware and is often a precursor to the Conti ransomware, which stopped its operations in May 2022 and split into smaller groups.
This Cyber News was published on thehackernews.com. Publication date: Wed, 08 Feb 2023 11:35:03 +0000