
The FBI seized $2.3 million in August from a well-known REvil and GandCrab ransomware affiliate, according to court documents seen by BleepingComputer.

In a complaint unsealed today, the FBI states that it seized 39.89138522 bitcoins, worth roughly $2.3 million at current prices ($1.5 million at the time of seizure), from an Exodus wallet on August 3rd, 2021.

Exodus is a desktop and mobile wallet that owners can use to store cryptocurrency, including Bitcoin, Ethereum, Solana, and many others.

The FBI does not state how it gained access to the wallet, other than that the funds are now in its custody. Exodus is a self-custody wallet, so there is no service provider holding the keys on the user's behalf; taking control of the funds indicates that the FBI most likely obtained the wallet's private key or its secret recovery passphrase.

“The United States of America files this verified complaint in rem against 39.89138522 Bitcoin Seized From Exodus Wallet (“the Defendant Property”) that is now located and in the custody and management of the Federal Bureau of Investigation (“FBI”) Dallas Division, One Justice Way, Dallas Texas,” reads the United States’ Complaint for Forfeiture.

The complaint goes on to say that the wallet contained REvil ransom payments belonging to an affiliate identified as "Aleksandr Sikerin, a/k/a Alexander Sikerin, a/k/a Oleksandr Sikerin," with an email address of 'engfog1337@gmail.com.'

While the FBI does not mention the threat actor's online alias, the name 'engfog' in the email address is tied to a well-known GandCrab and REvil/Sodinokibi affiliate known as 'Lalartu.'

Targeting affiliates

The GandCrab and REvil operations ran as Ransomware-as-a-Service (RaaS), where the core operators partner with third-party hackers, known as affiliates.

As part of this arrangement, the core operators develop and maintain the encryption/decryption software, the payment portal, and the data leak sites. The affiliates are tasked with breaching corporate networks, stealing data, and deploying the ransomware to encrypt devices.

Any ransom payments are then split between the affiliate and the core operators, with the operators typically taking 20-30% of the ransom and the affiliates keeping the rest.

In a REvil report by McAfee, researchers followed the money trail of a well-known threat actor known as 'Lalartu,' an affiliate of the GandCrab and REvil ransomware operations.

In 2019, the threat actor posted to a Russian-speaking hacking forum admitting that they had worked with GandCrab and switched to REvil after the former operation shut down.

Post by Lalartu on Russian-speaking hacking forum
Source: McAfee

After the report was released, security researcher Alon Gal attempted to track down the real identity of Lalartu.

As part of his research, Gal tracked Lalartu to the aliases 'Engfog' and 'Eng_Fog,' which match the 'engfog1337@gmail.com' email address listed in the FBI complaint.

After further conversations with security researchers, BleepingComputer has confirmed that Lalartu had been identified as 'Aleksandr Sikerin,' who is named in the complaint.

In November, the Department of Justice announced that the FBI had seized $6 million in ransoms paid to the REvil ransomware gang.

It is unclear whether this $2.3 million is part of the previously announced amount or additional ransoms seized by the FBI.

Law enforcement's continued strategy of disrupting the economics and affiliate programs of ransomware operations is paying off.

This activity has led to numerous arrests and infrastructure takedowns, including:

The arrests and infrastructure seizures are also spooking ransomware gangs into shutting down their operations, including REvil in October and BlackMatter in November.

BleepingComputer has contacted the FBI with questions about the seized bitcoins and is awaiting a response.

Update 11/30/21: Updated with the correct current value of the seized bitcoins.
