Alleged Money Launderer Behind Ryuk Ransomware Attacks Extradited to the U.S. From the Netherlands
On Wednesday, the United States Justice Department issued a statement indicating that Denis Mihaqlovic Dubnikov, a suspected crypto money launderer, was brought to the United States from the Netherlands to face charges in the District of Oregon.
Alleged Ryuk Ransomware Architect Apprehended
According to the statement, the 29-year-old Russian national made his first appearance in federal court in Portland on August 16, with a five-day jury trial set to begin on October 4.
Dubnikov ran a few small cryptocurrency exchanges in Russia. He was arrested in the Netherlands after being turned away from Mexico and forced to fly back to the EU.
His lawyer at the time stated that the Russian did not know the origin of the funds in his exchanges that American authorities claim came from ransomware payments.
Laundering Proceeds of Ransomware Attacks
U.S. prosecutors accuse Dubnikov and his accomplices of using money laundering techniques to conceal the proceeds from ransomware attacks committed against individuals and organizations in the U.S. and overseas.
In particular, Dubnikov and his co-conspirators are alleged to have laundered ransom money obtained from victims of Ryuk ransomware attacks.
Authorities believe that after Dubnikov and his associates got the ransomware money, they initiated a series of crypto transactions, including international ones, to hide the nature, source, destination, ownership, and control of the capital.
It is believed that Dubnikov laundered more than $400,000 in ransom money in July 2019. Overall, authorities estimate the Ryuk gang laundered at least $70 million worth of ransomware proceeds.
Gang Used Stolen IDs to Cash Out BTC on Binance and Huobi
A 2021 report by threat intelligence companies AdvIntel and HYAS showed that extorted funds were collected in holding accounts, transferred to crypto mixing services like Tornado Cash, and then funneled back into the criminal market to fund other illegal activities or cashed out at legitimate cryptocurrency exchanges.
Most ransomware groups use less well-known exchanges to cash out their illicit funds. Ryuk, on the other hand, is said to have converted Bitcoin (BTC) into fiat using accounts on two well-known crypto exchanges, Binance and Huobi, most likely with stolen identities.
Ryuk Identified as an Imminent Cybercrime Threat
The rise of ransomware and digital extortion attacks led to the creation of the Ransomware and Digital Extortion Task Force. Its job is to stop, investigate, and prosecute ransomware and digital extortion by finding and disassembling software, identifying offenders, and holding them responsible.
The arrest of Dubnikov has been described as one of the first potential blows delivered by the Task Force to the Ryuk ransomware gang, which is accused of being responsible for a spate of cyberattacks on healthcare organizations in the United States.
In October 2020, U.S. law enforcement agencies called Ryuk an imminent and growing threat to the healthcare industry in the U.S. This was after the ransomware hit several hospitals in the country, including Sky Lakes Medical Center in Klamath Falls, Oregon.
Because of the attacks, patients with cancer and other severe conditions had to wait longer for potentially life-saving treatments.
Dubnikov faces a potential sentence of 20 years in jail if convicted.