According to court documents unsealed on Tuesday, US law enforcement officials seized roughly $2.3 million in cryptocurrency in August, funds tied to ransomware attacks allegedly committed by a Russian resident.
The unsealed complaint shows that on August 3 the FBI seized 39.89138522 bitcoin from an Exodus wallet (a non-custodial desktop and mobile software wallet, meaning the owner rather than an exchange holds the keys) belonging to Aleksandr Sikerin, a well-known REvil and GandCrab ransomware affiliate.
The complaint states that the funds in the wallet, now under the FBI's control, can be traced to ransomware attacks Sikerin is alleged to have committed.
In the complaint, filed in the Dallas Division of the US District Court for the Northern District of Texas, the Justice Department alleged that Sikerin, whose last known address was in St. Petersburg, Russia, is a member of the notorious ransomware gang that has cost US businesses millions of dollars.
The seizure is part of an ongoing US law enforcement effort to choke off the funding of Russian and Eastern European cybercriminals following a series of damaging ransomware attacks on US infrastructure.
Earlier this month the Department of Justice seized more than $6 million in ransom payments allegedly made to Russian national Yevgeniy Polyanin, another REvil operative, who is accused of carrying out about 3,000 ransomware attacks, some of them against law enforcement agencies and municipalities in Texas.
Yet that is only a small fraction of what REvil members have pocketed from their intrusions: the complaint notes that victims of REvil ransomware attacks paid the extortionists more than $200 million between April 2019 and July 2021.
The law enforcement crackdown on REvil and other ransomware gangs has leaned heavily on private firms such as the cybersecurity company McAfee, which more than two years ago identified some of the cryptocurrency accounts used by people linked to REvil.
Alongside the FBI and Secret Service campaign to track accused cybercriminals, the US Treasury Department has also taken aim at the services used to launder ransom payments, sanctioning the cryptocurrency exchange Suex, which it accused of doing business with the operators of eight ransomware variants.