US Sanctions Ryuk Ransomware’s Russian Money Launderer

Woman is accused of assisting Russian oligarchs and ransomware affiliates with schemes to evade sanctions.

Dark Reading Staff, Dark Reading

November 6, 2023

2 Min Read
Russian flag in front of a bunch of code and globe-shaped sphere
Source: Klaus Ohenschlaeger via Alamy Stock Photo

The US Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned Ekaterina Zhdanova on Nov. 3 for moving and laundering virtual currency in the interest of Russian elites legally barred from accessing western financial markets.

The OFAC slammed Russia with economic sanctions after its illegal invasion of Ukraine in February 2022. In March of the same year, Zhdanova, a Russian national, is accused of aiding a Russian elite in the transfer of $2.3 million into Western Europe through a fraudulent investment account, as well as real estate purchases.

According to the US Department of Treasury, Zhdanova also helped individuals connected to Russian Ryuk ransomware group launder over $2.3 million for one of the operation's affiliates. Ryuk ransomware has amassed thousands of victims, some located in the US. In October 2022, the US identified the group as a growing threat to hospitals and healthcare providers in the country.

In another instance, a sanctioned Russian oligarch sought Zhdanova's services to move more than $100 million out of Russia and into the United Arab Emirates, a service she regularly engaged in on behalf of wealthy, sanctioned Russians.

"Through this service, Zhdanova provided clients with United Arab Emirates tax residency, a United Arab Emirates identification card, and a bank account," the OFAC alleges.

Zhdanova used virtual currency entities that do not have anti-money laundering/combating the financing of terrorism (AML/CFT) controls, such as cryptocurrency exchange Garantex Europe OU, which has been known to disregard AML/CFT requirements, the OFAC added. She is also accused of using a variety of methods to move funds, including a network of international money laundering associates, cash transactions, and operating under traditional businesses, such as a luxury watch company. 

The G7 is committed to closing these types of loopholes and sanction evasions that allow Russian elites to go unscathed by international retribution for their country's actions, the OFAC explained in its announcement of the move to sanction Zhdanova personally.

"We remain focused on safeguarding the US and international financial system against those who seek to exploit this technology, among other illicit finance risks in the virtual assets ecosystem," stated Brian E. Nelson, undersecretary of the Treasury for terrorism and financial intelligence. 

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights