The U.S. Justice Department unsealed an indictment Tuesday charging a Russian man with using ransomware to attack businesses throughout the country, including in the Dallas area, for years.
Aleksandr Viktorovich Ryzhenkov is accused of using BitPaymer to hold sensitive data for ransom since at least June 2017, according to a DOJ news release. He is still wanted on the charges and is believed to be in Russia.
A federal arrest warrant was issued for Ryzhenkov in the U.S. District Court for the Northern District of Texas in March 2023 on charges of conspiracy to commit fraud and related activity in connection with computers; intentional damage to a protected computer; transmitting a demand in relation to damaging a protected computer; and conspiracy to commit money laundering, according to the FBI.
“Ransomware attacks — particularly those deployed by bad actors with ties to Russia — can paralyze a company in the time it takes to open a laptop,” U.S. Attorney Leigha Simonton for the Northern District of Texas said in the release. “Whether or not the ransom is paid, recovering from a ransomware attack is generally costly and time-consuming. The U.S. Attorney’s Office for the Northern District of Texas is committed to pursuing cybercriminals who hold data hostage, no matter where in the world they may be hiding.”
An indictment unsealed today in the Northern District of Texas charges Russian national Aleksandr Viktorovich Ryzhenkov (Александр Викторович Рыженков) with using the BitPaymer ransomware variant to attack numerous victims in Texas and throughout the U.S. https://t.co/j0WSQJ5aDT pic.twitter.com/V2545xNclZ
— FBI Dallas (@FBIDallas) October 1, 2024
Ryzhenkov allegedly gained unauthorized access to information stored on victims’ computer networks then deployed ransomware to encrypt the files of victim companies, making them inaccessible, according to the release. Then an electronic note would be left on the victims’ systems with a ransom demand and instructions on how to contact the attackers for negotiations.
Victims would be made to pay money to obtain a decryption key and prevent sensitive information from being made public.
The indictment also alleges Ryzhenkov and co-conspirators used a variety of methods to intrude into computer systems, like phishing campaigns and malware, to demand millions of dollars.
“The Justice Department is using all the tools at its disposal to attack the ransomware threat from every angle,” DOJ Deputy Attorney General Lisa Monaco said in the release. “[Tuesday’s] charges against Ryzhenkov detail how he and his conspirators stole the sensitive data of innocent Americans and then demanded ransom. With law enforcement partners here and around the world, we will continue to put victims first and show these criminals that, in the end, they will be the ones paying for their crimes.”
In coordination with the indictment’s unsealing, the Treasury Department’s Office of Foreign Assets Control announced Tuesday that Ryzhenkov was added to its list of specially designated nationals. The designation blocks property and interests in any property the designee may have in the United States and prohibits U.S. financial institutions from engaging in certain transactions and activities with the designated individual, according to the release.
The FBI Dallas Field Office is investigating the case.
Victims of ransomware attacks are encouraged to contact their local FBI field office and can obtain more information on ransomware at StopRansomware.gov.
