Navigation
Join our brand new verified AMN Telegram channel and get important news uncensored!
  •  

Netherlands detains Russian sought by US over ‘Ryuk’ ransomware

Cyberattack (Elchinator/Pixabay)

This article was originally published by Radio Free Europe/Radio Liberty and is reprinted with permission.

A Russian national sought by the United States for allegedly laundering cryptocurrency tied to a notorious ransomware gang has been detained in the Netherlands, according to his lawyer.

The U.S. Justice Department is requesting the extradition of the suspect, 29-year-old Denis Dubnikov, for allegedly receiving hundreds of thousands of dollars’ worth of digital currency from Ryuk, a ransware gang believed to have extracted tens of millions in ransom, including from U.S. victims.

Arkady Bukh, Dubnikov’s U.S.-based lawyer, told RFE/RL by phone on November 13 that his client denied the charges. He said Dubnikov, who co-owns small crypto-exchanges, did not know the source of the money that the United States alleges came from ransomware payments.

Bukh said Dubnikov’s crypto-exchange activities complied with Russian law, including customer due-diligence requirements, and he “had no knowledge or idea about the criminal acts of clients.”

Dubnikov’s arrest has been called one of U.S. law enforcement’s first potential blows to the Ryuk ransomware gang, which is suspected of being behind a rash of cyberattacks on U.S. health-care organizations. The attacks forced delays in potentially life-saving treatments for cancer and other patients.

In October 2020, the FBI and other U.S. agencies warned that Ryuk presented an “imminent” threat to U.S. health-care institutions. The Wall Street Journal said the Ryuk gang took in more than $100 million in ransom payments last year.

In a ransomware attack, a criminal encrypts files on a target computer network and demands payment in cryptocurrency to unlock them. In the health-care industry, where time is often critical, such delays can result in deadly outcomes.

Bukh said that Dubnikov flew to Mexico earlier this month for vacation and was denied entry. Instead of being put on a plane back to Russia, he was sent to the Netherlands, where he was detained upon arrival.

Bukh said he believed the United States was behind Mexico’s decision. “We feel it is almost kidnapping in that sense,” he said, adding that there were direct flights between Mexico and Russia.

He pointed out that unlike Mexico, the Netherlands nearly always extradites suspects to the United States and has a more secure prison system.

Suspects facing extradition from Mexico to the United States have been known to escape from prison.

Bukh said he expects Dubnikov to be extradited to the United States soon.

The Justice Department did not immediately reply to a request for comment.

Dubnikov is the general director of Briefcase, which describes itself as a legal firm offering a variety of services, including help applying for a crypto-exchange license.

Bukh could not immediately say whether Dubnikov was a lawyer himself. Unlike most websites for legal firms, Briefcase does not list the name of any partners or lawyers.

Briefcase announced Dubnikov’s arrest in a statement on November 5.

Russian media say he is a co-founder of Coyote Crypto and EggChange, two Russia-based exchanges.

Dubnikov’s arrest is the latest in a series by U.S. law enforcement against alleged Russian cybercriminals over the past decade, dozens of whom have subsequently been extradited, convicted, and jailed.

South Korea last month extradited a Russian national to the United States to face cybercrime charges.

Russia, which does not extradite its citizens, has accused the United States of hunting Russian nationals abroad.

The United States, in turn, has accused Russia of turning a blind eye to cybercriminals operating inside the country.

President Joe Biden called on Russian President Vladimir Putin to crack down on Russian cybercriminals during their summit in Geneva in June.

U.S. officials have said they have not seen any evidence yet that Russia is taking action against its own cybercriminals.