U.S. Sanctions Russian Enabler Accused of Laundering Ransomware Funds

Who are the people the ransomware groups most rely on for their business model?

Most commentators fall back on the conventional view that the ransomware industry’s main protagonists are the clever but amoral hacker masterminds looking to make big bucks.

But occasionally we get a glimpse showing that the inside of the criminal black box might be more complicated than this picture suggests. One rarely mentioned group is the financial enablers, who keep the whole ransomware show working efficiently and are probably just as important as any programmer.

Laundering Operations

Take, for example, Russian national Ekaterina Zhdanova, recently sanctioned by the Department of the Treasury’s Office of Foreign Assets Control (OFAC) for allegedly helping ransomware groups receive and launder illicit funds.

It’s claimed that Zhdanova helped to launder $2.3 million in cryptocurrency ransom payments for a RYUK ransomware affiliate as part of that group’s high-profile attacks.

At the heart of this activity was Russian cryptocurrency exchange Garantex, a company located in the now notorious Federation Tower skyscrapers in Moscow, which are believed to house other, similar laundering operations.

We covered the importance of the brash Federation Tower complex in an April 2022 blog that examined its role as a criminal hub (which is not to say that perfectly legitimate businesses don’t also use the complex).

In truth, the $2.3 million sum is a huge understatement of the money gathered by RYUK—an early 2021 estimate put its earnings at at least $150 million at that time.

According to OFAC, Zhdanova’s business was a sophisticated operation reaching across the globe:

“Zhdanova relies on multiple methods of value transfer to move funds internationally. This includes the use of cash and leveraging connections to other international money laundering associates and organizations,” said the press release. And there are details that are unexpected. Far from being a backstreet operation, this business was in some respects very public.

“Zhdanova also uses traditional businesses to maintain access to the international financial system, including through a luxury watch company that has offices around the world.”

Criminal Expertise Ecosystem

Skyscrapers, expensive watches, and fancy offices in far-flung places are a far cry from the idea of small-town sociopath hackers in basements, but they are probably just as important to the ransomware industry’s success.

It seems that Zhdanova’s alleged connection to ransomware was only one part of a much larger criminal enterprise taking in several layers of financial know-how.

The takeaway is that ransomware doesn’t exist in a vacuum and depends on an ecosystem of criminal expertise to allow it to operate. A lot of that isn’t obvious and requires connections, as well as a knowledge of the system and its weaknesses and loopholes. There’s even an argument that today’s financially integrated ransomware is an outgrowth of organized crime rather than a standalone enterprise that uses its services. That wasn’t true a decade ago, but these days, with a lot of money to be made, the enablers and financial kingpins have muscled in to take their no doubt substantial cut.
