FBI seized $2.3M from affiliate of REvil, Gandcrab ransomware gangs

The FBI seized $2.3 million in August from a well-known REvil and GandCrab ransomware affiliate, according to court documents seen by BleepingComputer.
In a complaint unsealed today, the FBI disclosed that it seized 39.89138522 bitcoins, worth approximately $2.3 million at current prices ($1.5 million at the time of seizure), from an Exodus wallet on August 3rd, 2021.
Exodus is a desktop or mobile wallet that owners can use to store cryptocurrency, including Bitcoin, Ethereum, Solana, and many others.
The FBI does not state how it gained access to the wallet, other than that it is now in its custody, indicating that agents likely obtained the wallet's private key or secret passphrase.
"The United States of America files this verified complaint in rem against 39.89138522 Bitcoin Seized From Exodus Wallet ("the Defendant Property") that is now located and in the custody and management of the Federal Bureau of Investigation ("FBI") Dallas Division, One Justice Way, Dallas Texas," reads the United States' Complaint for Forfeiture.
The complaint goes on to say that the wallet contained REvil ransom payments belonging to an affiliate identified as "Aleksandr Sikerin, a/k/a Alexander Sikerin, a/k/a Oleksandr Sikerin" with an email address of 'engfog1337@gmail.com.'
While the FBI does not mention the online alias of the threat actor, the name 'engfog' in the email address is tied to a well-known GandCrab and REvil/Sodinokibi affiliate known as 'Lalartu.'
Targeting affiliates
The GandCrab and REvil operations ran as Ransomware-as-a-Service (RaaS), where core operators partner with third-party hackers, known as affiliates.
As part of this arrangement, the core operators develop and maintain the encryption/decryption software, the payment portal, and the data leak sites. The affiliates are tasked with breaching corporate networks, stealing data, and deploying the ransomware to encrypt devices.
Any ransom payments are then split between the affiliate and the core operators, with the operators typically earning 20-30% of the ransom and the affiliates keeping the rest.
In a REvil report by McAfee, researchers followed the money trail for a well-known threat actor known as 'Lalartu,' an affiliate of the GandCrab and REvil ransomware operations.
In 2019, the threat actor posted to a Russian-speaking hacking forum admitting they had worked with GandCrab and switched to REvil after the former operation shut down.

[Image: Post by Lalartu on a Russian-speaking hacking forum. Source: McAfee]
After the report was released, security researcher Alon Gal attempted to track down the real identity of Lalartu.
As part of his research, Gal tracked Lalartu to the aliases 'Engfog' and 'Eng_Fog,' which match the 'engfog1337@gmail.com' email address listed in the FBI complaint.
After further conversations with security researchers, BleepingComputer has confirmed that Lalartu had been identified as 'Aleksandr Sikerin,' who is named in the complaint.
In November, the Department of Justice announced that the FBI had seized $6 million in ransoms paid to the REvil ransomware gang.
It is unclear whether this $2.3 million is part of the previously announced amount or additional ransoms seized by the FBI.
Law enforcement's continued strategy of disrupting the economics and affiliate systems of ransomware operations is paying off.
This activity has led to numerous arrests and infrastructure takedowns, including:
The arrests and infrastructure seizures are also spooking ransomware gangs into shutting down their operations, including REvil in October and BlackMatter in July.
BleepingComputer has contacted the FBI with questions about the seized bitcoins and is awaiting a response.
Update 11/30/21: Updated with the correct current value of the seized bitcoins.
