Denis Mihaqlovic Dubnikov, a Russian national, has confessed in an American court to laundering cryptocurrency for the Ryuk ransomware gang. Ryuk is file-encrypting malware that was used by the same criminals who ran the Trickbot botnet. In 2021, security experts estimated that the Ryuk operation was worth over $150 million. Ryuk was then replaced by the Conti ransomware.

According to court documents, between August 2018 and August 2021, Dubnikov, now 30, laundered the proceeds of Ryuk ransomware attacks on entities in the US and other countries. In a typical ransomware attack, hackers break into the systems of people or organizations, deploy the file-encrypting malware, and use it to make the data on the infected systems unusable. The victim is usually asked to pay a ransom in exchange for a decryption key.

Dubnikov, who was arrested in the Netherlands in November 2021 and extradited to the US in August 2022, was involved in various financial transactions meant to hide the source and ownership of the ransom money from Ryuk attacks. After one ransomware attack, a US-based company paid a 250 Bitcoin ransom to Ryuk criminals, who then transferred 35 Bitcoin to Dubnikov, in exchange for around $400,000. Dubnikov then converted the Bitcoin to Tether and sent it to another co-conspirator, who exchanged it for Chinese Renminbi. Dubnikov's co-conspirators laundered additional funds from the ransom payment. According to court documents, Dubnikov was paid for his role in the scheme.

Dubnikov has pleaded guilty to one count of conspiracy to commit money laundering. He faces up to 20 years in prison and a $500,000 fine.
This Cyber News was published on www.securityweek.com. Publication date: Wed, 08 Feb 2023 13:34:03 +0000