The U.S. Department of the Treasury has announced sanctions against Ekaterina Zhdanova, a Russian individual accused of engaging in the laundering of virtual currency for Russian elites and various cybercriminal groups, including the Ryuk ransomware organization.
According to the Treasury Department, Zhdanova is alleged to have facilitated significant cross-border transactions to aid Russian individuals in accessing Western financial markets and bypassing international sanctions. The department highlighted her utilization of entities lacking Anti-Money Laundering/Combatting the Financing of Terrorism (AML/CFT) controls, such as the OFAC-designated Russian cryptocurrency exchange Garantex Europe OU (Garantex), to move funds internationally. Zhdanova allegedly employed various methods for transferring value, including cash and connections to international money laundering associates and organizations.
Garantex, previously sanctioned by the U.S. in April 2022 in conjunction with the takedown of the dark web marketplace Hydra, has been mentioned in association with Zhdanova’s activities.
Specific allegations involve Zhdanova’s purported involvement in laundering over $2.3 million in suspected victim payments on behalf of a Ryuk ransomware affiliate in 2021. The Ryuk ransomware, an antecedent to the Conti ransomware, has been known to target various sectors globally, including governments, academia, healthcare, manufacturing, and technology organizations.
This recent action by the Treasury Department comes in the midst of a substantial rise in ransomware attacks. According to recent reports, September 2023 witnessed a record 514 ransomware victims, marking a 153% increase year-over-year. Notably, new groups such as LostTrust, RansomedVC, Dark Angels, Knight, Money Message, and Good Day have been identified among those perpetrating ransomware attacks.
The evolving ransomware landscape also includes novel tactics from threat actors. For instance, RansomedVC, a nascent group, operates as ‘penetration testers’ and claims to comply with Europe’s General Data Protection Regulation (GDPR) while extorting their targets. Meanwhile, established threat actors like BlackCat have been observed incorporating new tools like Munchkin to propagate ransomware payloads across networks.
This surge in ransomware incidents has prompted global initiatives, such as the International Counter Ransomware Initiative, involving 50 countries committed to refraining from paying ransom demands to dissuade financially motivated actors and ransomware gangs from profiting.
Cybersecurity firms advise adopting comprehensive defense strategies against ransomware attacks, encompassing resilient backup systems, effective security software, user training, and proactive incident response plans to mitigate such threats. The Supply Chain Report will continue to follow developments in cybercrime and efforts to combat ransomware activities affecting the global financial landscape.
Stay current with supply chain report news at The Supply Chain Report. For international trade resources, visit ADAMftd.com.
#USTreasurySanctions #EkaterinaZhdanova #VirtualCurrencyLaundering #RyukRansomware #RussianElites #CrossBorderTransactions #SanctionsAgainstRussia #GarantexEuropeOU #AMLControls #MoneyLaundering #Cybercrime #RansomwareAttacks #CyberSecurity #RansomwareThreat #GlobalInitiatives #InternationalCounterRansomware #GDPRCompliance #CyberDefenseStrategies #FinancialSanctions #DarkWebMarketplace #RansomwarePrevention
