November 06, 2023 (Newsroom)
The US Treasury Department imposed sanctions against a Russian woman for participating in the laundering of virtual currency for the country’s elite and cybercriminal groups, including the Ryuk ransomware group.
According to the department, Ekaterina Zhdanova is said to have facilitated large cross-border transactions to help Russian individuals gain access to Western financial markets and avoid international sanctions.
“Zhdanova uses entities that lack anti-money laundering/countering the financing of terrorism (AML/CFT) controls, such as OFAC-designated Russian cryptocurrency exchange Garantex Europe OU (Garantex),” the Treasury Department said last week.
“Zhdanova relied on multiple methods of value transfer to move funds internationally. This included the use of cash and leveraging connections with other international money laundering associates and organizations.”
It is worth noting that Garantex was itself sanctioned by the US in April 2022, coinciding with the takedown of the dark web marketplace known as Hydra.
Zhdanova is also accused of providing services to individuals associated with the Russian Ryuk ransomware group and laundering more than $2.3 million of suspected victim payments on behalf of a Ryuk ransomware affiliate in 2021.
Ryuk, the predecessor to the Conti ransomware, first emerged on the threat landscape in 2018 and has compromised government, education, healthcare, manufacturing, and technology organizations around the world.
In February 2023, a 30-year-old Russian citizen named Denis Mihaqlovic Dubnikov pleaded guilty in the US to a money laundering charge for helping conceal the source of funds received in connection with Ryuk ransomware attacks.
Ransomware continues to evolve
The development comes as a record 514 ransomware victims were reported in September 2023, a 153% increase year-on-year, up from 502 in July and 390 in August.
Nearly 100 of these attacks have been attributed to emerging groups such as LostTrust and RansomedVC. Other new entrants seen in recent months include Dark Angels, Knight, Money Message and Good Day.
“The record level of ransomware attacks is partly the result of the emergence of new threat actors, including RansomedVC,” NCC Group said late last month.
RansomedVC presents itself as a “penetration tester”, but its extortion approach also includes claims that any vulnerabilities found in its targets’ networks will be reported under Europe’s General Data Protection Regulation (GDPR).
The influx of new groups reflects the evolving ransomware landscape, even as more established threat actors continue to adapt and refine their tactics and techniques to evade security controls.
Last month, Palo Alto Networks Unit 42 reported that the BlackCat ransomware operation had added a utility codenamed Munchkin to its arsenal, which is used to spread the ransomware payload to remote machines and file shares within a victim organization’s network.
“This tooling provided a Linux-based operating system (OS) running Sphynx,” Unit 42 researchers said. “Threat operators can use this utility to run BlackCat on remote machines, or deploy it to encrypt remote Server Message Block (SMB)/Common Internet File System (CIFS) shares.”
The diversification of ransomware is evidenced by the fact that hacktivist groups like GhostSec – which is part of The Five Families – have entered the fray, releasing a custom locker called GhostLocker for financial gain.
“Even if GhostLocker doesn’t succeed in the [ransomware-as-a-service] marketplace, it seems clear that this is a turning point as a model,” SOCRadar said. “The fact that it is relatively low-priced, works on a very low percentage basis, and is accessible to almost anyone means that ransomware attacks can reach serious levels.”
In its analysis of GhostSec and GhostLocker, cybersecurity firm Uptycs described the move as a “surprising departure from their past activities and stated agenda”, given the collective’s history of targeting Israeli entities in support of Palestine.
The rise in ransomware attacks has also prompted a coalition of 50 countries, the International Counter Ransomware Initiative, to pledge never to pay ransoms, in a bid to discourage financially motivated actors and ransomware gangs from profiting from such schemes.
“It is important to adopt a comprehensive defense strategy to protect against ransomware,” Uptycs said. “This strategy should include flexible backup systems, effective security software, user training, and a proactive incident response plan.”