US Seizes Over $2.8m From ‘Zeppelin’ Ransomware Operator

Published on Aug 21, 2025
Written by Joel Witts

The US Department of Justice (DoJ) announced this week it has authorized the seizure of over $2.8 million USD in cryptocurrency, $70,000 in cash, and a luxury vehicle from a suspected ransomware operator. 

Ianis Aleksandrovich Antropenko has been charged by indictment in the Northern District of Texas with conspiracy to commit computer fraud and abuse and conspiracy to commit money laundering.

Antropenko is alleged to have used ‘Zeppelin’ ransomware to target individuals and organizations in the United States and around the world. The Justice Department press release alleges that the seized cash and assets are proceeds of ransomware activity. 

The assets were allegedly laundered in part through the cryptocurrency mixing service ChipMixer, which was taken down by an international law enforcement effort in 2023. 

Zeppelin was a popular ransomware-as-a-service tool used heavily in 2021-2022. It used double extortion methods to encrypt files and steal data, with demands made to either delete or sell the data on the dark web. The attack was commonly delivered via phishing emails.

Why this matters

The significance of seizing assets from ransomware operators cannot be overstated. 

“It should come as no surprise that seizing ransomware funds reduces incentives for criminals to continue their activity,” Cynthia Kaiser, a former FBI Deputy Assistant Director and now SVP Ransomware Research Center at Halcyon, tells Expert Insights.

“But what is sometimes missed is that crypto seizures also decrease the funds criminals have on hand to purchase infrastructure and hire the right people to conduct their next attack.”

“They also reduce launderers’ willingness to work with specific ransomware groups. That’s why law enforcement seizures are so critical: they disrupt ransomware operators’ ability to conduct more attacks in the future.”

The Justice Department is on a roll when it comes to seizing money from ransomware operators.

Just last week, the DoJ announced the seizure of $1 million worth of Bitcoin owned by the Russian ‘BlackSuit (Royal)’ ransomware group, along with the takedown of four servers and nine domains.

This action was conducted by the Department of Homeland Security, the U.S. Secret Service, IRS Criminal Investigation, the FBI, and international law enforcement from the United Kingdom, Germany, Ireland, France, Canada, Ukraine, and Lithuania.

“The BlackSuit ransomware gang’s persistent targeting of U.S. critical infrastructure represents a serious threat to U.S. public safety,” said Assistant Attorney General for National Security John A. Eisenberg in the agency’s press release.

“The National Security Division is proud to be part of an ongoing team of government agencies and partners working to protect our Nation from threats to our critical infrastructure.”

In July, the FBI announced it had seized $2.4m USD in Bitcoin (approx. 20 Bitcoins) linked to the ‘Chaos Ransomware Operation,’ and the well-known Conti ransomware gang. 

Protecting against ransomware

The best way to secure your business against ransomware is to implement robust security controls.

“The basics still protect against many threats: strong access controls, multi-factor authentication, patching vulnerabilities, and segmenting networks,” says Kaiser.

“But protecting against sophisticated ransomware threats requires additional controls, like phishing-resistant multi-factor authentication, and defense-in-depth, especially security tools leveraging AI and machine learning specifically trained to detect and stop ransomware activity before disruption occurs.”

“And all organizations should have an incident response plan and practice it regularly.”