Zeppelin ransomware operator has $2.8 million

The U.S. Department of Justice announced the seizure of more than $2.8 million in cryptocurrency from the alleged operator of the Zeppelin ransomware, Yanis Aleksandrovich Antropenko.

Antropenko faces computer fraud and money laundering charges in Texas and is suspected of being connected to Zeppelin ransomware, a now-defunct malware that was active from 2019 to 2022.

“Antropenko used the Zeppelin ransomware to target a wide range of individuals, companies, and organizations around the world, including the United States,” the Justice Department said in a statement. “Specifically, Antropenko and his co-conspirators encrypted and stole victims’ data, typically demanding ransom for decrypting the data and for not publishing or deleting [the stolen information].”
After receiving the ransoms, Antropenko reportedly attempted to launder the funds through the cryptocurrency mixing service ChipMixer, which was shut down by law enforcement back in March 2023.

Other money laundering methods attributed to the suspect include exchanging cryptocurrency for cash and structuring deposits, that is, breaking large sums into smaller deposits to stay below bank reporting thresholds.

In addition to confiscating digital assets worth a total of $2.8 million, authorities also seized $70,000 in cash and a luxury car from Antropenko.

Recall that the Zeppelin ransomware appeared in late 2019 as a new variant of the VegaLocker/Buran malware. It attacked medical and IT companies in Europe and North America by exploiting vulnerabilities in software used by managed service providers (MSPs).

However, the ransomware did not run on machines in Russia, Ukraine, and other CIS countries, including Kazakhstan and Belarus. This is a notable nuance, since other variants of the Vega family, also known as VegaLocker and Buran, were aimed specifically at Russian-speaking users.

By the end of 2022, Zeppelin's activity had practically ceased. It then became known that specialists from the information security company Unit221b had been quietly helping companies hit by Zeppelin for several years: the experts had discovered a number of vulnerabilities in the ransomware itself and used them to build a working decryptor.

Subsequently, in January 2024, KELA specialists reported that the source code of the Zeppelin ransomware and a cracked version of its builder were being sold on a hacker forum for only $500.