Russian National Indicted for BitPaymer Ransomware Attacks Across the U.S.
The Justice Department has unsealed an indictment against Russian national Aleksandr Viktorovich Ryzhenkov (Александр Викторович Рыженков), charging him with deploying the BitPaymer ransomware variant to attack multiple victims in Texas and across the United States.
According to the indictment, Ryzhenkov allegedly began gaining unauthorized access to victims’ computer networks in at least June 2017. He and his conspirators purportedly used BitPaymer ransomware to encrypt files, making them inaccessible, and left an electronic note demanding ransom and providing instructions for negotiation.
The indictment further details that Ryzhenkov and his associates employed various methods to infiltrate computer systems, including phishing campaigns, malware, and the exploitation of hardware and software vulnerabilities. They demanded millions of dollars in ransom. Ryzhenkov is believed to be in Russia. View the FBI’s wanted poster for him here.
In conjunction with the indictment, the Treasury Department’s Office of Foreign Assets Control has added Ryzhenkov to its list of specially designated nationals. This designation blocks any property or interests he may have in the United States and restricts U.S. financial institutions from conducting certain transactions with him. View the Treasury announcement here.
“The Justice Department is using all the tools at its disposal to attack the ransomware threat from every angle,” said Deputy Attorney General Lisa Monaco. “Today’s charges against Ryzhenkov detail how he and his conspirators stole the sensitive data of innocent Americans and then demanded ransom. With law enforcement partners here and around the world, we will continue to put victims first and show these criminals that, in the end, they will be the ones paying for their crimes.”
FBI Deputy Director Paul Abbate remarked, “The FBI, together with partners, continues to leverage all resources to impose cost on criminals engaging in ransomware attacks,” adding that the indictment “delivers a clear message to those who engage in cyber-criminal activity – you will face severe consequences for your illicit activities and will be held accountable under the law.”
Principal Deputy Assistant Attorney General Nicole M. Argentieri emphasized the importance of addressing ransomware threats, stating, “Aleksandr Ryzhenkov extorted victim businesses throughout the United States by encrypting their confidential information and holding it for ransom. Addressing the threat from ransomware groups is one of the Criminal Division’s highest priorities. The coordinated actions announced today demonstrate, yet again, that the Justice Department is committed to working with its partners to take an all-tools approach to protecting victims and holding cybercriminals accountable.”
U.S. Attorney Leigha Simonton for the Northern District of Texas highlighted the severe impact of ransomware attacks, especially those linked to Russia, noting, “Ransomware attacks – particularly those deployed by bad actors with ties to Russia – can paralyze a company in the time it takes to open a laptop. Whether or not the ransom is paid, recovering from a ransomware attack is generally costly and time-consuming. The U.S. Attorney’s Office for the Northern District of Texas is committed to pursuing cybercriminals who hold data hostage, no matter where in the world they may be hiding.”
The FBI Dallas Field Office is leading the investigation. The case is being prosecuted by Trial Attorney Debra L. Ireland of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorney Vincent J. Mazzurco for the Northern District of Texas.
Victims of ransomware attacks are encouraged to contact their local FBI field office. For more information on ransomware, please visit StopRansomware.gov.
An indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.



