In a significant blow to cybercrime, the U.S. Department of Justice (DOJ) has announced the seizure of over $2.8 million in cryptocurrency linked to the defunct Zeppelin ransomware group. The operation, which also netted $70,000 in cash and a luxury vehicle, marks a major win for law enforcement in the ongoing fight against digital extortion.
The seized assets were traced to a cryptocurrency wallet allegedly controlled by Ianis Aleksandrovich Antropenko, a Russian national who has been indicted for conspiracy to commit computer fraud and abuse, as well as money laundering. According to court documents, Antropenko and his accomplices used the Zeppelin ransomware to target a wide range of victims worldwide, including businesses and public-sector organizations in the United States. The group used a “double extortion” tactic, not only encrypting victims’ data but also stealing it and threatening to release it publicly unless a ransom was paid.
Investigators were able to follow the illicit funds by tracing ransom payments through the blockchain, top them to wallets under Antropenko’s control. The indictment alleges that Antropenko attempted to obscure the money’s origins using various laundering techniques, including a now-defunct cryptocurrency mixing service called ChipMixer and structured cash deposits designed to evade reporting requirements.
This seizure is the latest in a series of actions by the DOJ’s Computer Crime and Intellectual Property Section (CCIPS) to dismantle ransomware operations. Since 2020, the CCIPS has secured convictions against more than 180 cybercriminals and recovered over $350 million for victims. This case underscores the commitment of U.S. law enforcement, in partnership with international agencies, to track down and prosecute cybercriminals regardless of their location and to return stolen funds to victims.
Despite the Zeppelin ransomware operation reportedly becoming defunct in 2022, its legacy continues to pose a threat, as its source code was reportedly sold on hacking forums, potentially enabling new attacks. However, this seizure sends a clear message that even in the decentralized world of cryptocurrency, cybercriminals are not beyond the reach of the law.
