UK disrupts Russian money laundering networks used by ransomware

​A law enforcement operation led by the United Kingdom's National Crime Agency (NCA) has disrupted two Russian money laundering networks working with criminals worldwide, including ransomware gangs.

Dubbed "Operation Destabilise," this international investigation has led to the arrest of 84 Russian-speaking suspects linked to the Smart and TGR criminal organizations, controlled by Russian Ekaterina Zhdanova and Ukrainian George Rossi.

"The networks also support Russian cyber criminals to launder their illicit profits. In 2021, Zhdanova laundered over $2.3million of suspected ransoms paid in crypto by victims to the Ryuk ransomware group," the NCA said today.

"The NCA assesses that the group, members of which were sanctioned by the UK in 2023, was responsible for extorting at least £27m from 149 UK victims, including hospitals, schools, businesses and local authorities. However, their true impact is likely to be much higher."

Ryuk is a former ransomware-as-a-service (RaaS) operation active between 2018 and 2020 when the Wizard Spider cybercrime gang behind it switched to Conti ransomware. Conti also shut down operations two years later, in May 2022, when it split into multiple smaller units that either infiltrated existing ransomware gangs or launched their own new operations.

As part of this Operation Destabilise, U.K. law enforcement has collaborated with many international partners, including the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC), the FBI, the Drug Enforcement Agency, the French Direction Centrale de la Police Judiciaire, and Ireland's national police and security service, An Garda Síochána (AGS).

To disrupt the criminal rings' money laundering activities, the NCA has also worked closely with authorities in the United Arab Emirates (UAE).

"Operation Destabilise has exposed billion-dollar money laundering networks operating in a way previously unknown to international law enforcement or regulators," said Rob Jones, NCA's Director General of Operations.

"For the first time, we have been able to map out a link between Russian elites, crypto-rich cyber criminals, and drugs gangs on the streets of the UK. The thread that tied them together – the combined force of Smart and TGR – was invisible until now."

OFAC sanctioned Zhdanova in November 2023 for laundering millions of cryptocurrency for various individuals, including ransomware actors.

The list of other suspects linked to the two laundering networks exposed and disrupted today includes Elena Chirkinyan and Andrejs Bradens, who were sanctioned on Wednesday by OFAC together with Rossi.

Among other "services," Smart and TGR helped Russian elites and designated individuals and entities bypass sanctions and other financial restrictions to invest in Western economies.

Chirkinyan of the TGR Group also helped conceal fund transfers from Russia, likely to support a Russian-language media organization in the U.K. These funds are believed to have originated from Russia Today (RT), currently sanctioned in the U.K.

Additionally, the two money laundering networks' cryptocurrency addresses have been linked to transactions with Garantex, a cryptocurrency exchange sanctioned by the U.S. and the U.K. two years ago.

The cryptocurrency exchange has been associated with illegal transactions with the Hydra Market dark web platform and payments for components involved in Russian weapons used in Ukraine.