The US government has sanctioned a Russian national for allegedly laundering millions of dollars worth of victim ransoms on behalf of individuals associated with the notorious Ryuk ransomware group.
According to an announcement by the US Treasury’s Office of Foreign Assets Control (OFAC), Ekaterina Zhdanova, 37, is accused of using virtual currency exchange transfers and fraudulent money-laundering accounts on behalf of Russian elites, ransomware groups and other bad actors to help them avoid financial sanctions imposed on Russia’s financial system after the invasion of Ukraine in February 2022.
Ryuk first appeared in 2018 and is known for its attacks targeting the US public sector. In 2020, during the COVID-19 pandemic, the gang was linked to an attack on Universal Health Services, one of the largest healthcare providers in the US, which cost the healthcare giant at least $67 million in lost profits.
OFAC said Zhdanova siphoned off more than $2.3 million in “suspicious victim payments” for a Ryuk ransomware affiliate in 2021. Zhdanova allegedly managed the illicit funds through cryptocurrency exchanges lacking anti-money laundering controls, including the Russian exchange Garantex, which was subject to US sanctions in 2022.
Zhdanova also uses brick-and-mortar businesses to maintain access to the international financial system, including through a luxury watch company that has offices around the world, according to OFAC. According to Chainalysis, a search of Zhdanova’s email address also reveals that she is currently selling a 13-room hotel in Moscow that “yields up to 1,000,000 rubles a month,” or about $11,000 at the time of writing — though it’s not clear the hotel business is related to her alleged money laundering activity.
TechCrunch sent Zhdanova multiple WhatsApp and Signal messages via the phone number included in the listing, but did not receive a response.
Zhdanova was also accused of making virtual currency exchange transfers on behalf of internationally relocated oligarchs. According to OFAC, a Russian oligarch sought out Zhdanova to move more than $100 million in assets on their behalf to the United Arab Emirates, and she also helped similar clients obtain tax residency in the country, as well as Dubai-based ID cards and bank accounts.
In February, the US and UK governments sanctioned seven people allegedly connected to a single network behind the Conti and Ryuk ransomware variants, as well as the infamous Trickbot banking trojan. The sanctions came days after Russian citizen Denis Mihaqlovic Dubnikov, 30, pleaded guilty in a US court to laundering Ryuk ransomware funds following his extradition from the Netherlands.