The US Department of Justice announced charges against a Zeppelin ransomware operator and the seizure of more than $2.8 million from his cryptocurrency wallet.
The individual, Ianis Aleksandrovich Antropenko, allegedly deployed Zeppelin against businesses, organizations, and individuals worldwide, encrypting their data and exfiltrating it for extortion.
The same as in other ransomware operations, Antropenko and his co-conspirators demanded a ransom payment from their victims in exchange for decrypting their data and for not publishing it online.
Last week, the DOJ unsealed six warrants seeking the seizure of $2.8 million in cryptocurrency, along with $70,000 in cash and a luxury vehicle, which are believed to be proceeds from the ransomware activities of Antropenko and his co-conspirators.
The suspects allegedly laundered the proceeds through various means, including the cryptocurrency mixing service ChipMixer, which was taken down by law enforcement in 2023, and by exchanging the virtual assets to cash that was then deposited in structured cash deposits.
Antropenko was charged with computer fraud and abuse conspiracy, computer fraud and abuse, and money laundering conspiracy.
First observed in 2019, the Zeppelin ransomware was derived from the Delphi-based Vega (VegaLocker) ransomware-as-a-service (RaaS) family, and was used in highly targeted attacks, mainly against healthcare and tech organizations in Europe and the US.
In 2022, the US cybersecurity agency CISA and the FBI warned that Zeppelin was exploiting RDP connections and vulnerabilities in SonicWall firewalls for initial access, and that its operators would sometimes execute the ransomware multiple times within the same network.
By the time CISA and the FBI published their advisory, the Zeppelin operation had disappeared and in November 2022 it was revealed that vulnerabilities in the malware’s encryption process had allowed cybersecurity consulting firm Unit 221B to crack its encryption keys in early 2020.
Related: Manpower Says Data Breach Stemming From Ransomware Attack Impacts 140,000
Related: Help Desk at Risk: Scattered Spider Shines Light on Overlook Threat Vector
Related: Minnesota Activates National Guard in Response to Cyberattack
Related: NASCAR Confirms Personal Information Stolen in Ransomware Attack
