US sanctions Russian accused of laundering virtual currency for ransomware affiliate

The Treasury Department on Friday sanctioned a Russian woman accused of laundering virtual currency on behalf of the country’s elites and cybercriminals, including an affiliate of Ryuk ransomware.

According to the Office of Foreign Assets Control, Ekaterina Zhdanova worked to help other Russians evade sanctions imposed on the country’s financial system after the invasion of Ukraine. In one case, an unnamed oligarch approached Zhdanova about moving $100 million to the United Arab Emirates, OFAC said

In 2021, she allegedly laundered more than $2.3 million of “suspected victim payments” for a Ryuk ransomware affiliate. She ran the funds through the Garantex cryptocurrency exchange, which was itself designated by OFAC in 2022.

According to OFAC, more than $100 million in transactions associated with darknet markets and criminals were conducted on the exchange before it was sanctioned.

“Through key facilitators like Zhdanova, Russian elites, ransomware groups, and other illicit actors sought to evade U.S. and international sanctions, particularly through the abuse of virtual currency,” said Undersecretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson. The OFAC announcement does not offer details about Zhdanova’s professional background.

Ryuk ransomware wreaked havoc for years after emerging in 2018. In 2020, amid Covid-19 lockdowns, federal law enforcement agencies warned that the healthcare sector was under attack from Ryuk. The month before, hospital chain Universal Health Services had been hit with a Ryuk attack that ultimately cost the company $67 million.

In February, a Russian man pleaded guilty in an Oregon federal court to laundering funds for Ryuk over the course of three years. He was accused of being a middleman for the group alongside 13 unnamed co-conspirators.

Sanctions against individuals like Zhdanova are often more symbolic than impactful, as Russians involved in illicit activity are unlikely to have property or business interests in the United States.