Ryuk Ransomware Launderer Hit with US Sanctions

Ad Disclosure
Ad Disclosure

We believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. However, this potential compensation never influences our analysis, opinions, or reviews. Our editorial content is created independently of our marketing partnerships, and our ratings are based solely on our established evaluation criteria. Read More
Last updated:
Ad Disclosure
Ad Disclosure

We believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. However, this potential compensation never influences our analysis, opinions, or reviews. Our editorial content is created independently of our marketing partnerships, and our ratings are based solely on our established evaluation criteria. Read More
Author
Trent Alan
Author Categories
About Author

Trent has a background and education in journalism and communications, with two decades of experience editing and writing on a diverse array of topics. In recent years, however, he has shifted his...

Last updated:
Why Trust Cryptonews
Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews
Ad DisclosureWe believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. Read more
money laundering
The US has sanctioned a Russian national for money laundering tied to Ryuk ransomware attackers. Image by zephyr_p, Adobe Stock.

A Russian national was sanctioned last week by the US government for allegedly laundering millions in ransom payments on behalf of individuals linked to the destructive Ryuk ransomware group.

Money Laundering for Notorious Ransomware

On November 3, the U.S. Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against 37-year-old Ekaterina Zhdanova. Zhdanova stands accused of leveraging virtual currencies and fraudulent accounts to launder money for ransomware groups, helping them skirt sanctions imposed on Russia’s financial system after the 2022 invasion of Ukraine.

First surfacing in 2018, the Ryuk ransomware is infamous for its brazen attacks on America’s public sector, including a 2020 attack on Universal Health Services which cost an estimated $67 million in lost revenue.

According to OFAC, Zhdanova laundered over $2.3 million in suspected Ryuk victim payments in 2021 alone. The funds were allegedly run through cryptocurrency exchanges lacking anti-money laundering controls, including Russia’s Garantex exchange, which was sanctioned by the U.S. in 2022.

Beyond crypto, Zhdanova purportedly utilizes traditional business channels to maintain access to the global financial system. This includes operating a luxury watch company boasting international offices. Zhdanova is also currently selling a 13-room Moscow hotel that purportedly generates around $11,000 in monthly profits. Whether this legitimate business activity relates to the alleged laundering is still unclear, however.

Additionally, OFAC stated that Zhdanova has conducted virtual currency transfers for oligarchs who relocated overseas. In one case, a Russian oligarch allegedly enlisted Zhdanova’s services to shift over $100 million in wealth to the United Arab Emirates. She also allegedly helped clients obtain residency, IDs, and bank accounts in Dubai.

Combating the Ransomware Threat

The sanctioning of Zhdanova marks the latest effort by the US government to crack down on facilitators of Russia-based cybercriminal groups. In February, the US and UK targeted seven individuals linked to the Conti, Ryuk, and Trickbot malware operations. Days later, a Russian national pleaded guilty in a US court to laundering funds for Ryuk following extradition from the Netherlands.

Cybersecurity experts state that disruption of ransomware money flows is crucial to curbing the growing threat. Ransomware attacks surged in 2022, with Ryuk and other Russia-based variants causing immense financial and operational damage to critical infrastructure worldwide.

While sanctions send a message, more work needs to be done to slow down ransomware emerging from Russia. International cooperation and public-private partnerships will play a key role in identifying and apprehending key figures like Zhdanova enabling these cybercrime groups. For now, the sanctioning represents one small step toward making ransomware a far less lucrative enterprise.

More Articles

Altcoin News
Brazil’s B3 Stock Exchange to Launch Bitcoin Options and Futures for ETH and SOL
Ruholamin Haqshanas
Ruholamin Haqshanas
2025-02-10 12:05:00
Bitcoin News
University of Austin Launches $5M Bitcoin Investment Fund for Endowment
Hassan Shittu
Hassan Shittu
2025-02-10 11:06:46
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors