Ryuk, a mainstay of the ransomware scene for some years until it transformed into Conti (and then split off into other groups after that), is back in the news again… though not in the way you might have imagined.
It's not a compromise, or a surprise comeback. What we have is a guilty plea, as a Russian citizen is the focus of a ransomware-centric money laundering story.
Hiding in plain sight does not seem to have gone well for "former crypto-exchange executive" Denis Mihaqlovic Dubnikov. After an arrest back in 2021 and an extradition to the US last year, he has made several court appearances (alongside an assortment of other individuals tangled up in the case), accused of money laundering in relation to Ryuk attacks across the globe.
The Ryuk ransoms, paid in cryptocurrency such as Bitcoin, were split into smaller portions, forwarded on to multiple cryptocurrency wallets, and then placed into exchange accounts to be converted into other forms of currency. Eventually, the money would find its way into the hands of other people involved in the various schemes.
All of these cash daisy chains were to help evade detection by law enforcement.
From the indictment release:
> The Ryuk actors used anonymous private wallets in their ransom notes, allowing them immediately to conceal the nature, location, source, ownership, and control of the ransom payments. After receiving the ransom payments, the Ryuk actors, defendants, and others involved in the scheme engaged in various financial transactions, including international financial transactions, to conceal the nature, source, location, ownership, and control of the ransom proceeds. They also used proceeds from the ransom payments to facilitate or promote the specified unlawful activities.
The ransom notes made it clear that files would be deleted after two weeks should ransoms not be paid. As you can imagine, this rather blunt threat tended to spur people quickly into paying up; in total, around $150m was paid.
The numbers involved in this case are rather large, to say the least. In a roughly four month span in the middle of 2019, one defendant "laundered more than $2 million in Ryuk ransom proceeds". Another laundered more than $600 in March of that same year. These figures are typical of those listed for the other, as yet unnamed, defendants. The biggest of all weighs in with a tally of more than $35 million in ransom proceeds from around February 2020 to somewhere in July 2021.
It’s astonishing to think that all of this took place over a period of just three years.
Make no mistake, this was a big money operation. While we don't know the exact details in relation to the other defendants, Bleeping Computer notes that Dubnikov could be facing anything up to 20 years in prison with a fine of up to $500,000, which doesn't seem all that big compared to the kind of numbers the group was allegedly throwing around. Either way, we'll know his fate come April.
While you likely don't have to worry about Ryuk lurching onto your systems anytime soon, ransomware itself is a perennial problem and isn't going away. It targets businesses, individuals, and every industry you can think of. There are bedroom coders, professional gangs, ransomware as a service, and much more.
Whether we're talking single, double, or even triple threat ransomware, the problem is very real.
What can we do about it?