In another blow against the global networks enabling ransomware operations, a Russian cryptocurrency money launderer pleaded guilty to attempting to conceal at least $400,000 in ransoms paid to criminal hackers.
Denis Mihaqlovic Dubnikov received the illicit funds, which resulted from Ryuk ransomware attacks on unnamed U.S. individuals and organizations, in exchange for bitcoin from criminal hackers, the Justice Department said Tuesday in a press release. He was extradited to the U.S. in August 2022 and pleaded guilty Monday to one charge of conspiracy to commit money laundering.
Dubnikov’s guilty plea in a federal court in Oregon comes two weeks after the Justice Department announced it took down the infrastructure of the Hive ransomware gang, one of the world’s most prolific ransomware operators. It also follows a year in which illicit cryptocurrency activity hit $20.1 billion, an all-time high, and officials around the world touting new get-tough approaches to combating the scourge or ransomware attacks.
One of the most common types of ransomware, Ryuk is often tied to the Russian hacking group known as Wizard Spider. In its release, the DOJ noted that “Ryuk has been used to target thousands of victims worldwide across a variety of sectors. In October 2020, law enforcement officials specifically identified Ryuk as an imminent and increasing cybercrime threat to hospitals and healthcare providers in the United States.”
Law enforcement officials did not identify the specific hacking group that worked with Dubnikov to launder ransom payments. The DOJ said that “between at least August 2018 and August 2021, Dubnikov and his co-conspirators laundered the proceeds of Ryuk ransomware attacks on individuals and organizations throughout the United States and abroad.”
In July 2019, according to the DOJ, a U.S. company paid 250 Bitcoin ransom to regain access to files encrypted by Ryuk. Later that month, Dubnikov accepted 35 Bitcoin from that ransom payment in exchange for $400,000.