U.S. Extradited Russian Accused of Money-Laundering Tied to Ryuk Ransomware Gang
By Mengqi Sun, Aug. 18, 2022, WSJT
A Russian national who was extradited from the Netherlands to Portland, Ore., this week pleaded not guilty to charges of allegedly laundering cryptocurrency proceeds from ransomware attacks in the U.S. and abroad, the Justice Department said.
Denis Dubnikov, a 29-year-old Russian, was arraigned in federal court for the District of Oregon on Wednesday. Prosecutors alleged that Mr. Dubnikov and his co-conspirators laundered bitcoin extracted from victims of Ryuk ransomware attacks through
financial transactions, in both crypto and fiat currencies, to conceal the source of the funds.
After entering his plea, Mr. Dubnikov was released from custody under several conditions, including monitoring of his computer activity, according to court documents.
At least twelve more individuals are facing charges in the case, according to a court indictment unsealed Wednesday. Their names were redacted in the indictment, and prosecutors didn’t identify Mr. Dubnikov’s alleged co-conspirators.
A Moscow entrepreneur, Mr. Dubnikov was detained while on vacation in Mexico last November, The Wall Street Journal previously reported. He was expelled from Mexico and put on a plane to Amsterdam, where Dutch police arrested him on Nov. 2 on a U.S.
charge of conspiracy to commit money-laundering, according to his lawyer Arkady Bukh. He intended to plead not guilty to a U.S. charge of conspiracy to commit money-laundering, his lawyer said at the time.
The DOJ accused Mr. Dubnikov of receiving and laundering more than $400,000 in Ryuk proceeds in 2019, and alleges those involved in the conspiracy laundered at least $70 million in ransom proceeds.
Identified in 2018, Ryuk is a type of ransomware that encrypts files and attempts to delete any system backups on a computer or network. The Ryuk actors directed victims to pay in bitcoin and provided them with a wallet address to make the ransom
payments, according to court documents.
Ryuk has been used to target thousands of victims worldwide, and U.S. authorities have identified it as an increasing threat particularly to hospitals and healthcare providers in the U.S.
Mr. Dubnikov is scheduled to face a jury trial starting on Oct. 4. If convicted, he faces up to 20 years in prison.
David Angeli, an attorney at Angeli Law Group LLC in Portland, Ore., who is representing Mr. Dubnikov, declined to comment.
The extradition comes as ransomware continues to be one of the top cybersecurity risks facing the Biden administration. Last year alone, ransomware attacks stopped the delivery of gasoline and other fuel through the Colonial Pipeline; threatened the
nation’s food supply by shutting down meatpacker JBS SA, and put at risk patients’ lives by closing down hospital computer systems during a pandemic.
https://www.wsj.com/articles/u-s-extradited-russian-accused-of-money-laundering-tied-to-ryuk-ransomware-gang-11660851002
=========
U.S. Accuses Russian of Money Laundering for Ryuk Ransomware Gang
By Robert McMillan and Kevin Poulsen, Nov. 12, 2021, WSJ
A Moscow entrepreneur was detained during a vacation abroad this month and is now facing extradition to the U.S. on charges that he helped a notorious Russian ransomware group launder payments.
The case marks the first arrest in connection with the Ryuk ransomware group, which gained notoriety with a string of attacks last year targeting U.S. hospitals already strained by the Covid-19 pandemic.
Denis Dubnikov, a Russian citizen, was expelled from Mexico and placed on a plane to Amsterdam, where Dutch police arrested him on Nov. 2 on a U.S. charge of conspiracy to commit money laundering, according to his lawyer Arkady Bukh.
He is accused of receiving over $400,000 in bitcoin out of the millions paid to the Ryuk gang by ransomware victims, according to an extradition request sent to Dutch authorities by the Justice Department.
Mr. Dubnikov “will be pleading not guilty because he had no knowledge of someone engaging in criminal activity,” Mr. Bukh said.
According to public records, Mr. Dubnikov is the founder and general manager of Briefcase LLC, a legal services firm in Moscow. The company said it was closely monitoring the situation in a statement posted on its website following the arrest.
Mr. Dubnikov, 29 years old, is being sought to stand trial as part of a FBI investigation of Ryuk, which was linked to 1/3 of all U.S. ransomware attacks in 2020, according to cybersecurity firm SonicWall. Since it was first observed in August 2018, Ryuk
has been linked to at least 2,400 ransomware incidents, says the Justice Dept request, which was viewed by The Wall Street Journal. Extortion payments to the group totaled over $100 million last year, according to the bitcoin analysis firm Chainalysis.
The allegations of Mr. Dubnikov’s connection to Ryuk and the money-laundering charges against him detailed in the Justice Dept extradition request haven’t been reported. His arrest was reported last week.
Mr. Dubnikov was charged in a sealed indictment in Portland OR, in August after the FBI traced a portion of Ryuk’s ransom income to bitcoin wallets operated under Mr. Dubnikov’s name at financial exchanges, according to the extradition request. A
Justice Dept spokeswoman declined to comment.
Over the past year, ransomware has emerged as the top cybersecurity threat facing the Biden admin. These attacks have stopped the delivery of gasoline and other fuel via the Colonial Pipeline, threatened the nation’s food supply with a shutdown at
meatpacker JBS SA, and threatened patients’ lives by shutting down hospital computer systems during a pandemic.
Cyber experts consider Ryuk to be one of the worst of all ransomware actors, in part because of their reputation for ruthlessness. The Journal reported in June that Ryuk had attacked at least 235 general hospitals and inpatient psychiatric facilities,
plus dozens of other healthcare facilities in the U.S., since its emergence in 2018. The group’s average ransom demand was just under $700,000, according to ransomware negotiation firm Coveware.
In recent months, the U.S. govt has taken steps to push back on the ransomware problem. On Monday, U.S. officials said they had arrested a Ukrainian national on charges he had launched the REvil ransomware attack on technology company Kaseya Ltd., which
disrupted about 1,500 businesses in July. The Justice Dept also said they had seized $6.1 million in digital currency tied to another ransomware operator.
U.S. authorities have pushed against the financial institutions that, they say, help the ransomware operators get paid. In September, the Treasury Department blacklisted SUEX OTC over its alleged processing of ransomware payments, marking the first time
U.S. authorities had sanctioned a cryptocurrency exchange. This week it sanctioned another exchange, called Chatex, saying it too had been linked to ransomware. SUEX and Chatex didn’t respond to emails seeking comment.
Collectively the arrests are chipping away at the sense of impunity that many involved in ransomware had previously felt, said Bill Siegel, Coveware’s chief executive. “A lot of these groups and the ransomware affiliates truly believe that they are
at no risk of having anything happen to them,” he said. “And that changes when you arrest high-profile affiliates.”
Actions against exchanges and money facilitators used by ransomware gangs is also extremely important, Mr. Siegel said. “Shutting down these paths to launder the money makes it more expensive,” he said. “That decreases their margins and makes their
whole industry less profitable.”
https://www.wsj.com/articles/u-s-accuses-russian-of-money-laundering-for-ryuk-ransomware-gang-11636741333
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)