
The Federal Bureau of Investigation (FBI) has seized over $2.8 million in cryptocurrency from a man suspected of conducting ransomware attacks with the malicious software Zeppelin.
According to the FBI, the suspect, a man named Ianis Aleksandrovich Antropenko, used Zeppelin ransomware to target and attack numerous businesses and organizations in the United States.
“Antropenko and his coconspirators would encrypt and exfiltrate the victim’s data, and typically demand a ransom payment to decrypt the victim’s data, refrain from publishing it, or to arrange the data’s deletion,” the Department of Justice states in a press release.
The feds seized over $2.8 million in cryptocurrency, $70,000 in cash, and a luxury vehicle, all of which was gained from ransomware activities. All of the cryptocurrency was seized from a wallet that was controlled by Antropenko.
According to the FBI, those assets were laundered in various ways, including through the cryptocurrency mixing service ChipMixer, which was taken down in a coordinated international operation in 2023. Antropenko also laundered cryptocurrency by exchanging it for cash and then making structured cash deposits.
The suspect is charged with computer fraud and abuse and conspiracy to commit money laundering.
Zeppelin operated as ransomware-as-a-service (RaaS), a business model where software developers create ransomware and lease it to other cybercriminals in exchange for a cut of all illicit revenues.
Zeppelin first showed up in 2019 to target a wide range of businesses, including manufacturers, defense contractors, tech companies, educational institutions, organizations in the healthcare industry, and political entities.
In 2020, the FBI launched an investigation to identify the developers and affiliates responsible for Zeppelin ransomware.
A few years later, in August 2022, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), America’s cybersecurity agency, warned that Zeppelin was exploiting remote desktop protocol (RDP) connections and SonicWall firewall vulnerabilities to gain access to victims’ networks.
Once threat actors gained access, they spent a few weeks mapping a victim’s network to identify data enclaves. Thereafter, the exfiltration of sensitive company data files began and the original files and backups were encrypted.
By November 2022, the Zeppelin operation had disappeared, after it was revealed that the malicious software’s encryption process contained vulnerabilities that allowed security experts to crack its encryption keys.
To date, at least 138 businesses and organizations in the United States have been targeted and exploited by Zeppelin.