U.S. seizes $2.8 million in crypto from Zeppelin ransomware operator

The U.S. Department of Justice (DoJ) announced the seizure of more than $2.8 million in cryptocurrency from suspected ransomware operator Ianis Aleksandrovich Antropenko.

Antropenko, indicted in Texas for computer fraud and money laundering, was linked to Zeppelin ransomware, a now-defunct extortion operation that ran between 2019 and 2022.

Apart from the digital asset seizure, the authorities also confiscated $70,000 in cash and a luxury vehicle.

“Antropenko used Zeppelin ransomware to target and attack a wide range of individuals, businesses, and organizations worldwide, including in the United States,” reads the U.S. DoJ announcement.

“Specifically, Antropenko and his coconspirators would encrypt and exfiltrate the victim’s data, and typically demand a ransom payment to decrypt the victim’s data, refrain from publishing it, or to arrange the data’s deletion.”

After receiving the ransom payments, Antropenko attempted to launder the amounts on the coin tumbling service ChipMixer, seized by authorities in March 2023.

Other money laundering methods Antropenko used include crypto-to-cash exchanges and structured deposits, that is, breaking large sums into smaller deposits to avoid triggering bank reporting rules.

The Zeppelin ransomware came into existence in late 2019 as a new variant of the VegaLocker/Buran ransomware, targeting healthcare and IT firms through MSP software flaws.

In 2021, following a period of dormancy, Zeppelin operators returned with updated versions, though the encryption scheme used in subsequent attacks indicated sloppiness.

By November 2022 the Zeppelin operation was essentially defunct. It was revealed at that time that security researchers from Unit221b had held the decryption key since early 2020 and had been using it to help victims recover their files for free.