U.S. Authorities Confiscate $2.8 Million in Cryptocurrency from Zeppelin Ransomware Operator

The U.S. Department of Justice (DoJ) announced the seizure of over $2.8 million in cryptocurrency from suspected ransomware operator Ianis Aleksandrovich Antropenko. Antropenko, who has been indicted in Texas for computer fraud and money laundering, was linked to the now-defunct Zeppelin ransomware operation, which targeted individuals, businesses, and organisations globally from 2019 to 2022. In addition to the cryptocurrency, authorities confiscated $70,000 in cash and a luxury vehicle. The DoJ stated that Antropenko and his co-conspirators would encrypt and exfiltrate victims’ data, demanding ransom payments for decryption, data deletion, or to prevent publication. Following these payments, Antropenko attempted to launder the funds using the coin tumbling service ChipMixer, as well as through crypto-to-cash exchanges and structured deposits to evade bank reporting regulations.

Zeppelin ransomware emerged in late 2019 as a variant of VegaLocker/Buran ransomware, primarily targeting healthcare and IT firms via vulnerabilities in Managed Service Provider (MSP) software. After a period of dormancy, the operators returned in 2021 with updated versions, although subsequent attacks revealed a decline in operational quality. By November 2022, the Zeppelin operation was largely inactive, with security researchers from Unit221b having possessed the decryption key since early 2020, allowing victims to recover their files for free. In January 2024, it was reported that the Zeppelin ransomware source code was sold on a hacking forum for a mere $500. The indictment against Antropenko illustrates that evidence can still lead to the identification of ransomware operators long after their activities have ceased. The seizure of the $2.8 million in ransom proceeds aligns with recent actions by U.S. authorities, highlighting the importance of confiscating crime proceeds to disrupt ransomware operations and prevent the reinvestment of funds into criminal infrastructure. 

Categories: Ransomware Operations, Cryptocurrency Seizures, Money Laundering Techniques

Tags: Seizure, Cryptocurrency, Ransomware, Antropenko, Money Laundering, Zeppelin, Extortion, Victims, Law Enforcement, Cybercrime
