Ryuk-Linked Russian Pleads Not Guilty in US CourtDenis Dubnikov Allegedly Laundered $400,000 in Ransom Proceeds
A Russian national accused of laundering proceeds from Ryuk ransomware pleaded not guilty during his first U.S. court appearance Wednesday after extradition from the Netherlands.
See Also: LIVE Webinar Tomorrow | Hackers Don't Back Down, So You Need to Back Up: Data Security's Hardest Truths
Denis Mihaqlovic Dubnikov, 29, allegedly laundered more than $400,000 worth of ransom payments often obtained from hospitals. Cybercriminals deploying Ryuk went on a fall 2020 ransomware binge that seized the IT systems of hundreds of U.S. medical centers in a spree amounting to one of the largest cyberattacks against the healthcare sector.
A superseding indictment against Dubnikov shows him participating for at least two years through August 2021 in a conspiracy that laundered at least $70 million in ransomware proceeds. Dubnikov allegedly played a relatively minor role compared to unidentified co-conspirators who individually laundered amounts reaching into the tens of millions.
Netherlands authorities detained Dubnikov last November on a provisional arrest warrant, says the U.S. Attorney's Office for Oregon.
A federal judge in Portland ordered Dubnikov released on condition of GPS monitoring; he is slated for trial starting on Oct. 4. He faces a maximum of 20 years of imprisonment.
His plea comes as the threat of ransomware shows little signs of receding, with a plurality of CISOs earlier this year naming cyber extortion as their top cybersecurity challenge in a survey conducted by Microsoft. The healthcare sector remains a high-profile target given the often-accurate belief that providers would rather pay up than disrupt medical care.
The federal government has sought to match the mounting threat with increased enforcement and prevention.
New York-based attorney Arkady Bukh, who represented Dubnikov at the time of his November arrest, did not respond to ISMG's request for comments on the case.
Bukh earlier told ISMG his client would plead "not guilty," "because he had no knowledge of someone engaging in criminal activity" (see: Russian National Charged With Laundering Ryuk Ransoms).
Cybersecurity researchers in January 2021 said Ryuk operators and their affiliates used at least 61 cryptocurrency wallets that held more than $150 million worth of cryptocurrency. It is not clear if Dubnikov moved laundered funds using cryptocurrency exchanges Coyote Crypto or EggChange, both of which Dubnikov founded.
The operators behind Ryuk ransomware have been active since 2018 and leveraged several well-established exchanges to cash their ransom proceeds, cybersecurity firms AdvIntel and Hyas said last year. Ryuk receives ransom payments from a "well-known broker" on behalf of the ransomware victims, the two firms say. The broker sends the cryptocurrency to money launderers, who exchange it to fiat currency. They launder anywhere between a few thousand dollars to hundreds of thousands of dollars, the joint report says. A favorite fiat currency is the Chinese renminbi, say federal prosecutors.
As of 2020, Ryuk and its affiliates charged ransoms of $780,000 on an average, incident response firm Coveware found.