A Russian man pleaded guilty on Monday in an Oregon court on charges related to laundering funds for the Ryuk ransomware group.
Denis Dubnikov was arrested in November 2021 in the Netherlands before being extradited to the U.S. last August. Prosecutors accused him, along with 13 co-conspirators whose names were redacted in a federal indictment, of laundering the proceeds of Ryuk ransomware attacks during a three-year period beginning in 2018.
Ryuk ransomware first appeared in August 2018, and for several years targeted a vast array of organizations, including media outlets, hospitals and school districts. It is widely believed to be the predecessor to Conti ransomware.
Dubnikov pleaded guilty to one count of conspiracy to commit money laundering, which according to the Department of Justice is punishable by up to 20 years in federal prison, three years’ supervised release, and a $500,000 fine.
Dubnikov is specifically accused of receiving 35 Bitcoin – part of a ransom paid to threat actors by a U.S.-based company – in exchange for approximately $400,000 in July 2019. He then converted the Bitcoin into Tether coins, before sending the currency on to a co-conspirator, who converted it to Chinese yuan.
At the time of his arrest, Dubnikov’s lawyer accused the FBI of having “kidnapped” his client after he was refused entry to Mexico while on holiday and sent back to the Netherlands, where he was detained.
Dubnikov is the co-founder of the cryptocurrency exchanges Coyote Crypto and Eggchange. According to Chainalysis, at least 11% of funds that flowed onto the Eggchange platform from 2019 to 2021 were “illicit and risky.” Bloomberg reported in 2021 that the company’s offices were located in a notorious Moscow tower where a handful of cryptocurrency exchanges suspected of laundering ransomware proceeds are based.