Who are the people the ransomware groups most rely on for their business model?

The majority of commentators adhere to the conventional viewpoint that the primary protagonists of the ransomware industry are the shrewd but immoral hacker masterminds who are looking to make a lot of money.

On the other hand, we occasionally catch a glimpse of how much more the black box of this criminality contains than that picture suggests. Although they are rarely mentioned, the financial enablers who keep the entire ransomware show running smoothly are probably just as important as any programmer.

Processes of Money Laundering

Take, for instance, Ekaterina Zhdanova, a Russian national who was recently sanctioned by the Office of Foreign Assets Control (OFAC) of the Department of the Treasury for allegedly assisting ransomware groups in receiving and laundering illicit funds.

Zhdanova allegedly laundered $2.3 million in cryptocurrency ransom payments for an affiliate of the RYUK ransomware, proceeds of the high-profile attacks carried out by that group.

At the center of this activity was the Russian cryptocurrency exchange known as Garantex. This company was situated in the now-famous Federation Tower skyscrapers in Moscow, which are believed to be the location of other laundering operations of a similar nature.

We discussed the significance of the brash Federation Tower complex in a blog post that was published in April 2022. The post focused on the complex’s function as a hub for criminal activity. However, it is important to note that the complex is also utilized by businesses that are completely legitimate.

The sum of $2.3 million is, in point of fact, a significant understatement of the amount of money that RYUK has accumulated; an estimate from the beginning of 2021 placed its earnings at a minimum of $150 million at that time.

According to OFAC, her operation was a highly sophisticated enterprise that extended all over the world:

“In order to move funds across international borders, Zhdanova relies on a variety of different methods of value transfer.” According to the press release, this includes the utilization of cash as well as the utilization of connections to other international organizations and associates involved in money laundering.

In addition, there are particulars that come as a surprise. This company was not at all a backstreet operation; rather, it was quite public in some respects during its operation.

Zhdanova also makes use of traditional businesses in order to keep her access to the international financial system. One of these businesses is a luxury watch company that has offices all over the world.

Expertise in Criminal Activity Ecosystem

Skyscrapers, expensive watches, and fancy offices in far-flung places are a far cry from the idea of small-town sociopath hackers digging in basements, but they are probably just as important to the success of the ransomware industry.

The alleged connection that Zhdanova had with ransomware appears to have been merely a small part of a much larger criminal enterprise that involved the acquisition of multiple layers of financial expertise.

The most important thing to take away from this is that ransomware does not exist in a vacuum and is completely dependent on an ecosystem of criminal expertise in order to function. A significant portion of that is not readily apparent and necessitates connections, in addition to having an understanding of the system and its vulnerabilities and loopholes. One could even argue that the financially integrated ransomware that is prevalent in today’s world is a product of organized crime rather than a separate business that makes use of its services. That was not the case ten years ago, but in this day and age, when there is a great deal of money to be made, the enablers and financial kingpins have stepped in to take their share, which is without a doubt a sizeable portion.



