Russian citizen Denis Mihaqlovic Dubnikov pleaded guilty on Tuesday to laundering money for notorious ransomware group Ryuk for more than three years.

The guilty plea comes after Dubnikov was arrested in Amsterdam in November 2021 and extradited in the United States in August 2022.

He made his first appearance in US federal court in Portland a day after the extradition date, August 17, 2022.

From August 2018 to August 2021, Dubnikov and 13 other accomplices participated in money laundering activities involving the proceeds of Ryuk ransomware attacks targeting individuals and organizations in the United States and around the world.

The conspirators, including Dubnikov, used various financial transactions, including international ones, to hide the origin, location and identity of those who received the ransom payments.

Ryuk is a former ransomware-as-a-service (RaaS) operation active between August 2018 and mid-2020, when cybercrime group Wizard Spider is behind it switched For Conti ransomware.

Conti also ceased operations in May 2022, when he renamed into several smaller units who either launched new operations or infiltrated existing ransomware gangs.

Ryuk Ransomware Submissions at ID Ransomware
Submissions of Ryuk ransomware (ID Ransomware)

Dubnikov laundered Ryuk’s ransom paid by an American company

According to a replacement indictment, after the victims paid the Ryuk ransoms in the form of bitcoins to private wallets, the co-conspirators involved in the money laundering scheme split the payments into smaller amounts. Then they transferred the ransoms to various other private wallets.

The criminal group used hundreds of private wallets to perform these transactions, each with thousands of associated public keys.

They then moved some bitcoin from private wallets to cryptocurrency exchange accounts where bitcoin was exchanged for Tether, other cryptocurrencies, or fiat currency.

The Ryuk ransom proceeds (exchanged into Tether or another cryptocurrency) were then sent to other conspirators’ accounts on other cryptocurrency exchanges to be exchanged for fiat currency (usually Chinese renminbi ) using the “over-the-counter” services of these exchanges.

“Specifically, in July 2019, a US-based company paid a ransom of 250 Bitcoin Ryuk after a ransomware attack. On or around July 11, 2019, in Moscow, Russia, Dubnikov accepted 35 Bitcoin from a co-conspirator in exchange for approximately $400,000,” the Justice Department said in a press release issued today.

“The bitcoin transferred to Dubnikov came directly from the ransom paid by the American company. Dubnikov converted the bitcoin to Tether and sent it to a second co-conspirator, who eventually exchanged it for Chinese renminbi.”

If convicted, Dubnikov could be sentenced to up to 20 years in federal prison, three years of probation and a fine of up to $500,000. The accused will be sentenced on April 11, 2023.



Source link