DoJ seized $2.8M in crypto from Ianis Antropenko, indicted in Texas and tied to the defunct Zeppelin ransomware.
The U.S. Department of Justice (DoJ) seized more than $2.8 million in cryptocurrency from Ianis Aleksandrovich Antropenko.
Antropenko was allegedly involved in the now-defunct Zeppelin ransomware operation (2019 – 2022); he also laundered proceeds via ChipMixer and structured cash deposits.
The man faces charges in the Northern District of Texas for computer fraud, abuse, and conspiracy to commit money laundering. Law enforcement also seized $70,000 in cash and a luxury vehicle.
“The Department of Justice unsealed six warrants yesterday in the U.S. District Courts for the Eastern District of Virginia, the Central District of California, and the Northern District of Texas authorizing the seizure of over $2.8 million in cryptocurrency, $70,000 in cash, and a luxury vehicle.” reads the press release published by DoJ. “All of the cryptocurrency was seized from a cryptocurrency wallet controlled by Ianis Aleksandrovich Antropenko, who is charged by indictment in the Northern District of Texas for conspiring to commit computer fraud and abuse, computer fraud and abuse, and conspiracy to commit money laundering.”
According to the indictment, Antropenko and his accomplices used Zeppelin ransomware to attack individuals, businesses, and organizations worldwide, including in the U.S. They encrypted and exfiltrated victims’ data, demanding ransoms to decrypt files, prevent publication, or ensure deletion.
“Computer Crime and Intellectual Property Section (CCIPS) investigates and prosecutes cybercrime in coordination with domestic and international law enforcement agencies, often with assistance from the private sector.” concludes DoJ. “Since 2020, CCIPS has secured the conviction of over 180 cybercriminals and obtained court orders for the return of over $350 million in victim funds. CCIPS and its partners have also disrupted multiple ransomware groups, preventing victims from having to pay over $200 million in ransom payments.”
Zeppelin ransomware had been active since 2019; it targeted healthcare and IT firms via MSP flaws. After dormancy, it resurfaced in 2021 with sloppy encryption updates. By November 2022, the operation was defunct. In January 2024, reports revealed its source code was sold on a hacking forum for just $500, marking the ransomware’s downfall and commoditization.
Pierluigi Paganini
(SecurityAffairs – hacking, Zeppelin ransomware)