Russian national Aleksandr Viktorovich Ryzhenkov has been charged with conducting ransomware attacks against targets in the United States. Photo credit: National Crime Agency, UK.
Ryzhenkov is a malware developer for the Russian cybercriminal group “Evil Corp,” according to a Treasury Department press release.
The indictment centers on ransomware attacks Ryzhenkov allegedly committed against companies headquartered in or having data centers in Texas.
From as early as June 2017, Ryzhenkov and co-conspirators used the BitPaymer ransomware to gain access to the information stored on victims’ computer networks, according to the recently unsealed indictment. They encrypted the files of the victim companies. The only files the victims could open were electronic notes containing ransom demands and instructions for contacting the attackers to start negotiations.
Ryzhenkov and his co-conspirators then demanded money, claiming they would provide a decryption key, prosecutors say.
The indictment further alleges that Ryzhenkov and others used a range of methods to intrude into computer systems, including phishing campaigns and malware, and took advantage of vulnerabilities in computer hardware and software to do so. Ryzhenkov and his co-conspirators used this access to demand millions of dollars in ransom.
Along with the indictment, the Treasury Department’s Office of Foreign Assets Control added Ryzhenkov to the list of specially designated nationals, according to a Treasury Department press release.
According to an FBI wanted poster, Ryzhenkov was born in 1993 in Uzbekistan, a former Soviet republic, and has used many different aliases – Aleksandr Viktorovich Ryzhenkov, Mrakobek, J.d.m0rr1s0n, Jim Morrison, Lizardking, Guester, G, Kotosel and Anonyminem. His likely location is Russia. One of Ryzhenkov’s closest associates is Maksim Yakubets, aka “AQUA,” another alleged Russian cyber-criminal.
On March 22, 2023, the FBI issued a federal arrest warrant for Ryzhenkov on previous charges of conspiracy to commit fraud and related activities, intentional damage to a protected computer, transmitting a demand in relation to damaging a protected computer and conspiracy to commit money laundering.
“Today’s charges against Ryzhenkov detail how he and his co-conspirators stole the sensitive data of innocent Americans and then demanded ransom,” said Deputy Attorney General Lisa Monaco in a statement. “With law enforcement partners here and around the world, we will continue to put victims first and show these criminals that, in the end, they will be the ones paying for their crimes.”
“Ransomware attacks – particularly those deployed by bad actors with ties to Russia – can paralyze a company in the time it takes to open a laptop,” said U.S. Attorney Leigha Simonton for the Northern District of Texas. “Whether or not the ransom is paid, recovering from a ransomware attack is generally costly and time-consuming.”
Ransomware is malicious software (malware) that blocks access to a computer system or its data until a specific key is supplied. After compromising your system, attackers demand payment in exchange for the decryption key.
To protect yourself from ransomware, first store important data offline and make regular backups. If your system becomes compromised, you’ll still have access to that data without paying the ransom. Paying ransoms not only costs you valuable time and resources, but it also encourages criminal networks to continue conducting these attacks.
Other good network security practices include having an antivirus program installed and avoiding suspicious apps and websites. Strong passwords, two-step verification, up-to-date security drivers and ongoing cyber awareness training for all employees can likewise help protect your systems and data.
Report Strahinja Nikolić | Dec 5, 2024