$2.8 Million Cryptocurrency Seizure from Ransomware Operator That Targeted Healthcare
Hot on the heels of the Blacksuit ransomware disruption comes another announcement about major enforcement action against a ransomware group. The U.S. Department of Justice has announced the seizure of $2.8 million in cryptocurrency from the suspected operator of the now-defunct Zeppelin ransomware group.
Six warrants were recently unsealed by federal prosecutors in the U.S. District Courts for the Eastern District of Virginia, the Central District of California, and the Northern District of Texas, which authorized the seizure. The funds were held in a cryptocurrency wallet controlled by Ianis Aleksandrovich Antropenko, who has been indicted in Texas on charges of computer fraud and money laundering. A luxury vehicle and $70,000 in cash were also seized. The funds are suspected of being obtained from companies attacked with Zeppelin ransomware between 2019 and 2022.
While Zeppelin was not the most prolific ransomware operation, the group was responsible for attacks on many U.S. entities, especially those in healthcare and IT, typically targeting vulnerabilities in MSP software. Zeppelin was a ransomware-as-a-service (RaaS) operation that paid affiliates to conduct attacks for a cut of any ransom payments they generated. The group engaged in data theft, file encryption, and extortion, demanding payment for the decryption keys and to ensure data deletion.
The proceeds from the attacks were laundered in a number of ways, such as exchanging the funds for cash and depositing them in structured cash deposits. ChipMixer, a dark web cryptocurrency mixing service, was also used to hide the origin of the cryptocurrency. Through ChipMixer, funds were cashed out in untraceable chips that could be paid into clean cryptocurrency wallets. ChipMixer was taken down in an international law enforcement operation in 2023 that was coordinated by Europol. The operation resulted in the seizure of $46.5 million in cryptocurrency. According to the DOJ, some of the funds were
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
While the Blacksuit operation was conducted against an active ransomware group, the latest announcement shows that action can and will be taken against cybercriminals for their historic crimes. This case is being handled by Trial Attorney Benjamin Bleiberg of the Computer Crime and Intellectual Property Section (CCIPS) and Assistant U.S. Attorney Jongwoo “Daniel” Chung for the Northern District of Texas.
Since 2020, CCIPS has obtained court orders to seize more than $350 million in victim funds and has secured the convictions of more than 180 cybercriminals. Along with partners such as the FBI, CCIPS has disrupted the operations of many ransomware groups and has prevented payments of over $200 million by victims of ransomware groups.
