Arrest and Extradition
Denis Mihaqlovic Dubnikov, a 30-year-old Russian national, was arrested in Amsterdam in November 2021 before he was extradited from the Netherlands to the US in August 2022. Dubnikov recently pleaded guilty in a US court to money laundering and concealing the source of funds obtained in connection with Ryuk ransomware gang attacks.
Laundered Funds
Between August 2018 and August 2021, Dubnikov and his co-conspirators are accused of laundering the proceeds of Ryuk ransomware attacks on individuals and organizations throughout the US and abroad. The parties involved in the criminal enterprise are estimated to have laundered at least $150 million in ransom payments.
Dubnikov’s Involvement in Cryptocurrency
Dubnikov is also the co-founder of Coyote Crypto and Eggchange, with the latter headquartered in Federation Tower East, a supertall skyscraper known to harbor several cryptocurrency businesses with ties to money laundering associated with ransomware operations. According to Chainalysis, Eggchange received over $34 million worth of cryptocurrency from darknet markets, scams, fraud shops, and ransomware operators between 2019 and 2021.
Ryuk Ransomware
Ryuk, which first emerged on the threat landscape in 2018, is attributed to a threat actor known as Wizard Spider and has compromised governments, academia, healthcare, manufacturing, and technology organizations. Often delivered through first-stage malware such as TrickBot or BazarBackdoor, Ryuk is also a precursor to the Conti ransomware, which shuttered its operations in May 2022 and splintered into smaller units.
Awaiting Sentencing
Dubnikov is currently awaiting sentencing on April 11, 2023. The Department of Justice has stated that “Dubnikov and his co-conspirators engaged in various criminal schemes designed to obscure the trail of the ill-gotten proceeds.”
