The Department of Justice (DOJ) unsealed six warrants, allowing agents to seize nearly $3 million in cryptocurrency as well as $70,000 in cash and a luxury vehicle, from the mastermind of a cryptocurrency ransomware scheme.
Prosecutors say Ianis Aleksandrovich Antropenko led a group that used the Zeppelin strain of ransomware to attack individuals, businesses, and other organizations in the U.S. and abroad. The group would encrypt and exfiltrate a victim’s data and then demand ransom payments. That included using multiple extortion tactics, such as threatening to publish stolen information, unless cryptocurrency payments were made.
After receiving the funds, prosecutors say the group laundered the money in various ways, such as using the cryptocurrency mixing service ChipMixer, which was shut down by law enforcement in 2023, and by exchanging cryptocurrency for cash in ways designed to avoid bank reporting rules.
The $2.8 million in crypto seized from Antropenko’s wallet represents the amount extorted from the victims.
Law enforcement tracked down the stolen funds through sophisticated blockchain analysis and financial intelligence gathering techniques that traced the flow of illicit funds through various cryptocurrency networks.
The scheme ran from 2019 to 2022. However, in 2020, cybersecurity researchers found a way to break the Zeppelin ransomware's encryption, allowing them to recover victims' data free of charge and essentially rendering the Zeppelin ransomware defunct.
Antropenko is facing charges in the Northern District of Texas for conspiring to commit computer fraud and abuse, computer fraud and abuse, and conspiracy to commit money laundering.
The FBI Dallas and Norfolk Field Offices and the Virtual Assets Unit are investigating the case. Attorneys with the Computer Crime and Intellectual Property Section (CCIPS), Northern District of Texas, and Eastern District of Virginia are prosecuting the case.