Alleged Russian Ransomware Attacker Indicted

Russian national Aleksandr Viktorovich Ryzhenkov has been charged with conducting ransomware attacks against targets in the United States. Photo credit: National Crime Agency, UK.

Ryzhenkov is a malware developer for the Russian cybercriminal group “Evil Corp,” according to a Treasury Department press release.

Hacked Computers, Encrypted Files, Demanded Money

The indictment centers on ransomware attacks Ryzhenkov allegedly committed against companies headquartered in or having data centers in Texas.

From as early as June 2017, Ryzhenkov and co-conspirators used the BitPaymer ransomware to gain access to the information stored on victims’ computer networks, according to the recently unsealed indictment. They encrypted the files of the victim companies. The only files the victims could open were electronic notes containing ransom demands and instructions for contacting the attackers to start negotiations.

Aleksandr Ryzhenkov and his “Evil Corp” co-conspirators allegedly deployed BitPaymer ransomware, extorting victims for ransom payments in exchange for providing them a key to decrypt their data, according to an indictment obtained by The Daily Muck.

Ryzhenkov and his conspirators then demanded money, claiming they would provide a decryption key, say prosecutors.

The indictment further alleges that Ryzhenkov and others used methods to intrude into computer systems, including phishing campaigns and malware. They took advantage of vulnerabilities in computer hardware and software to do so. Ryzhenkov and co-conspirators used this access to demand millions of dollars in ransom.

Indicted But Not Captured Yet

The FBI published a wanted poster on Aleksandr Ryzhenkov, whose aliases allegedly include Jim Morrison, Lizardking and Anonyminem, potentially illuminating his music preferences.

Along with the indictment, the Treasury Department’s Office of Foreign Assets Control added Ryzhenkov to the list of specially designated nationals, according to a Treasury Department press release.

According to an FBI wanted poster, Ryzhenkov was born in Uzbekistan, a former Soviet Union Republic, in 1993, and he used many different aliases – Aleksandr Viktorovich Ryzhenkov, Mrakobek, J.d.m0rr1s0n, Jim Morrison, Lizardking, Guester, G, Kotosel and Anonyminem. His likely location is Russia. One of Ryzhenkov’s closest associates is Maksim Yakubets, aka “AQUA,” another alleged Russian cyber-criminal.

On March 22, 2023, the FBI issued a federal arrest warrant for Ryzhenkov on previous charges of conspiracy to commit fraud and related activities, intentional damage to a protected computer, transmitting a demand in relation to damaging a protected computer and conspiracy to commit money laundering.

Statements by Prosecutors

“Today’s charges against Ryzhenkov detail how he and his co-conspirators stole the sensitive data of innocent Americans and then demanded ransom,” said Deputy Attorney General Lisa Monaco in a statement. “With law enforcement partners here and around the world, we will continue to put victims first and show these criminals that, in the end, they will be the ones paying for their crimes.”

“Ransomware attacks – particularly those deployed by bad actors with ties to Russia – can paralyze a company in the time it takes to open a laptop,” said U.S. Attorney Leigha Simonton for the Northern District of Texas. “Whether or not the ransom is paid, recovering from a ransomware attack is generally costly and time-consuming.”

How to Protect Yourself from Ransomware

Ransomware is malicious software (malware) that blocks access to a computer system or data without a specific key. After compromising your system, attackers demand payment in exchange for the decryption key.

To protect yourself from ransomware, first store important data offline and make regular backups. If your system becomes compromised, you’ll still have access to that data without paying the ransom. Paying ransoms not only costs you valuable time and resources, but it also encourages criminal networks to continue conducting these attacks.

Other good network security practices include having an antivirus program installed and avoiding suspicious apps and websites. Strong passwords, two-step verification, up-to-date security drivers and ongoing cyber awareness training for all employees can likewise help protect your systems and data.

Strahinja Nikolić
Born in Belgrade, raised to love sports, fell for rock and roll. Curious by nature, loves to dig, research and make those who deserve it nervous.
