US law enforcement officials in August seized roughly $2.3 million in cryptocurrency tied to ransomware attacks committed by a Russian resident, according to a court document unsealed Tuesday.
Aleksandr Sikerin, whose last known address was in St. Petersburg, Russia, is affiliated with a notorious ransomware gang known as REvil that has cost US businesses millions of dollars, the Justice Department alleged in a complaint filed in the Northern District of Texas, Dallas Division.
The cryptocurrency account, or “wallet,” that is now under the FBI’s control is “traceable to ransomware attacks committed by Sikerin,” the complaint states.
The seizure is part of an ongoing US law enforcement effort to stymie the sources of funding for Russian and Eastern European cybercriminals following a series of damaging ransomware attacks on US infrastructure. It comes as the White House continues to appeal to Russian President Vladimir Putin to take action against hackers operating from Russian soil.
Bleeping Computer, a cybersecurity news outlet, first reported the news.
The Justice Department this month announced the seizure of more than $6 million in ransom payments allegedly made to another alleged REvil operative, Russian national Yevgeniy Polyanin. Polyanin allegedly conducted about 3,000 ransomware attacks, including some on law enforcement agencies and municipalities throughout Texas.
But the seizures are just a fraction of what REvil members have pocketed from their computer intrusions. From April 2019 to July 2021, victims in the US and elsewhere paid extortionists more than $200 million following hacks committed with the REvil ransomware, according to the new complaint.
The law enforcement offensive against REvil and other ransomware gangs has leaned heavily on private firms. Cybersecurity company McAfee more than two years ago identified some of the cryptocurrency accounts used by various people linked with REvil, and documented how the hackers split their ill-gotten gains.
Despite the crackdown, some alleged ransomware operators appear to be living comfortably in Russia, which does not have an extradition agreement with the US. The FBI wanted poster for Polyanin says he is “believed to be in Russia” and “possibly” in the Siberian city of Barnaul.
While the FBI and Secret Service track accused cybercriminals, the Treasury Department has taken aim at the services the hackers use to launder ransom payments. The department in September sanctioned Suex, a cryptocurrency exchange that US officials accused of doing business with hackers behind eight types of ransomware.