A Russian citizen is charged in the U.S. for his alleged role in an international cryptocurrency money laundering conspiracy.

A Russian man who was allegedly part of an international cryptocurrency money laundering conspiracy was extradited from the Netherlands to the U.S., federal officials said.

Denis Mihaqlovic Dubnikov, 29, on Aug. 17 made his first appearance in federal court in Portland, Ore., where he was arraigned and pleaded not guilty, the U.S. Justice Department said.

If he is convicted, Dubnikov faces a maximum sentence of 20 years in federal prison, three years’ supervised release, and a fine of $500,000.

Ryuk Ransomware

He and co-conspirators laundered the proceeds of ransomware attacks on individuals and organizations throughout the U.S. and abroad, officials said.

Dubnikov, who owns small crypto exchanges in Russia, was detained in the Netherlands in November after he was denied entry to Mexico and put on a plane back to the EU country, according to Radio Free Europe/Radio Liberty.

The arrest has been called one of U.S. law enforcement’s first potential blows to the Ryuk ransomware gang, which is suspected of being behind a rash of cyberattacks on U.S. health-care organizations, RFE/RL said.

The attacks forced delays in potentially life-saving treatments for cancer and other patients.

The group laundered ransom payments extracted from victims of Ryuk ransomware attacks.

First identified in August 2018, Ryuk is a type of ransomware that, when executed on a computer or network, encrypts files and attempts to delete any system backups.

Threat to Hospitals and Healthcare Providers

In July 2019, Dubnikov allegedly laundered more than $400,000 in Ryuk ransom proceeds, while those involved in the conspiracy laundered at least $70 million, officials said.

Ryuk, which is the name of a character in the Japanese comic book and cartoon series “Death Note,” can target storage drives contained within or physically connected to a computer, including those accessible remotely via a network connection. 

The ransomware has been used to target thousands of victims worldwide. 

In October 2020, law enforcement officials specifically named “Ryuk as an imminent and increasing cybercrime threat to hospitals and health-care providers in the United States.”

The Ryuk ransomware affected several U.S. hospitals in 2020, including Sky Lakes Medical Center in Klamath Falls, Ore., Oregon Public Radio reported. The indictment said there were multiple victims in Oregon.

The Sky Lakes Medical incident lasted for more than three weeks, as the attack led to the provider upgrading its enterprise system, including 2,000 computers, to ensure the hardware was clean and the software up to date, HealthITSecurity reported.

Ransomware Attacks More Aggressive

The indictment said a ransom note was placed onto a computer system when files were encrypted, providing email addresses with which victims could contact the hackers.

The Ryuk actors also provided a cryptocurrency wallet address through which victims could pay ransom to have their files decrypted.

Dubnikov and his co-conspirators, Ryuk actors, and others involved in the scheme allegedly engaged in various financial transactions to conceal the nature, source, location, ownership, and control of the ransom proceeds.

The arrest comes at a time when analysts say ransomware attacks are becoming more sophisticated and aggressive. Attackers are introducing new strains and updating, enhancing, and reusing old ones, according to the cybersecurity company Fortinet.

“What’s especially troubling as we look at the first half of 2022 is that the number of new ransomware variants we identified increased by nearly 100% compared to the previous six-month period,” the company said. “Our FortiGuard Labs team saw 10,666 new ransomware variants, compared to just 5,400 in 2H 2021.”

‘A Disturbing Trend’

The explosive growth in ransomware can be attributed mainly to ransomware-as-a-service becoming increasingly popular on the so-called dark web, Fortinet said. That’s where cybercriminals use subscription-model services and purchase plug-and-play ransomware to achieve quick paydays.

“Analyzing wiper malware data reveals a disturbing trend of cybercriminals using more destructive and sophisticated attack techniques — in this case, using malicious software that destroys data by wiping it,” the company said. 

In the first six months of 2022, “FortiGuard Labs identified at least seven significant new wiper variants used by attackers in various targeted campaigns against government, military, and private organizations.”

Fortinet said this was nearly as many total wiper variants as had been publicly detected in the past 10 years. 

“While we saw a substantial increase in the use of this attack vector in conjunction with the war in Ukraine, the use of disk-wiping malware was also detected in 24 additional countries,” the company said.