Source: United States Department of Justice Criminal Division
The Justice Department today unsealed an indictment charging Russian national Aleksandr Viktorovich Ryzhenkov (Александр Викторович Рыженков) with using the BitPaymer ransomware variant to attack numerous victims in Texas and throughout the United States and hold their sensitive data for ransom.
According to the indictment, beginning in at least June 2017, Ryzhenkov allegedly gained unauthorized access to the information stored on victims’ computer networks. Ryzhenkov and his conspirators then allegedly deployed the strain of ransomware known as BitPaymer and used it to encrypt the files of the victim companies, rendering them inaccessible. An electronic note left on the victims’ systems contained a ransom demand and instructions on how to contact the attackers to begin ransom negotiations. Ryzhenkov and his conspirators allegedly demanded that victims pay a ransom to obtain a decryption key and prevent their sensitive information from being made public online.
The indictment further alleges that Ryzhenkov and others used a variety of methods to intrude into computer systems, including phishing campaigns, malware, and taking advantage of vulnerabilities in computer hardware and software. Ryzhenkov and coconspirators used this access to demand millions of dollars in ransom. Ryzhenkov is believed to be in Russia. View the FBI’s wanted poster for him here.
In coordination with the indictment’s unsealing, the Treasury Department’s Office of Foreign Assets Control today announced that Ryzhenkov was added to its list of specially designated nationals. The designation blocks property and interests in any property the designee may have in the United States and prohibits U.S. financial institutions from engaging in certain transactions and activities with the designated individual. To learn more, view the Treasury announcement here.
“The Justice Department is using all the tools at its disposal to attack the ransomware threat from every angle,” said Deputy Attorney General Lisa Monaco. “Today’s charges against Ryzhenkov detail how he and his conspirators stole the sensitive data of innocent Americans and then demanded ransom. With law enforcement partners here and around the world, we will continue to put victims first and show these criminals that, in the end, they will be the ones paying for their crimes.”
“The FBI, together with partners, continues to leverage all resources to impose cost on criminals engaging in ransomware attacks,” said FBI Deputy Director Paul Abbate. “Today’s indictment delivers a clear message to those who engage in cyber-criminal activity – you will face severe consequences for your illicit activities and will be held accountable under the law.”
“Aleksandr Ryzhenkov extorted victim businesses throughout the United States by encrypting their confidential information and holding it for ransom,” said Principal Deputy Assistant Attorney General Nicole M. Argentieri, head of the Justice Department’s Criminal Division. “Addressing the threat from ransomware groups is one of the Criminal Division’s highest priorities. The coordinated actions announced today demonstrate, yet again, that the Justice Department is committed to working with its partners to take an all-tools approach to protecting victims and holding cybercriminals accountable.”
“Ransomware attacks – particularly those deployed by bad actors with ties to Russia – can paralyze a company in the time it takes to open a laptop. Whether or not the ransom is paid, recovering from a ransomware attack is generally costly and time-consuming,” said U.S. Attorney Leigha Simonton for the Northern District of Texas. “The U.S. Attorney’s Office for the Northern District of Texas is committed to pursuing cybercriminals who hold data hostage, no matter where in the world they may be hiding.”
The FBI Dallas Field Office is investigating the case.
Trial Attorney Debra L. Ireland of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorney Vincent J. Mazzurco for the Northern District of Texas are prosecuting the case.
Victims of ransomware attacks are encouraged to contact their local FBI field office. For additional information on ransomware, please visit StopRansomware.gov.
An indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.