
Russian man indicted for ransomware attacks on North Texas businesses, feds say

A federal warrant was issued for the man's arrest in March of 2023, officials say.

DALLAS — A Russian national was indicted for allegedly breaking into the computer networks of multiple Dallas-area companies for years and holding their data for ransom, federal officials say.

Aleksandr Ryzhenkov, 31, began breaking into the networks of several companies headquartered in Texas, including three headquartered in Dallas and one headquartered in Lewisville, in 2017, according to the indictment. The Department of Justice didn't identify the companies.

Ryzhenkov, second-in-command of the Russian cybercriminal outfit Evil Corp., and co-conspirators allegedly used a strain of ransomware known as BitPaymer to hold companies’ data for ransom, federal officials say. They would use BitPaymer to encrypt the companies' files, rendering them inaccessible, and leave a note on the systems with a ransom demand and contact instructions to begin ransom negotiations, according to a Department of Justice news release. They would then demand the companies pay a ransom to get a decryption key and prevent their information from being made public online, officials say.

The indictment alleges Ryzhenkov and others used a variety of methods, including phishing campaigns, malware, and more, to get into computer systems, and demanded millions of dollars in ransom.

A federal arrest warrant was issued for Ryzhenkov in the U.S. District Court for the Northern District of Texas on charges of conspiracy to commit fraud and related activity in connection with computers, intentional damage to a protected computer, transmitting a demand in relation to damaging a protected computer and conspiracy to commit money laundering, officials say. Ryzhenkov is still wanted on those charges and is believed to be in Russia, according to officials.

“Ransomware attacks – particularly those deployed by bad actors with ties to Russia – can paralyze a company in the time it takes to open a laptop. Whether or not the ransom is paid, recovering from a ransomware attack is generally costly and time-consuming,” said U.S. Attorney Leigha Simonton for the Northern District of Texas. “The U.S. Attorney’s Office for the Northern District of Texas is committed to pursuing cybercriminals who hold data hostage, no matter where in the world they may be hiding.”

In coordination with the indictment’s unsealing this week, the U.S. Department of the Treasury announced Ryzhenkov was added to its list of specially designated nationals, blocking property and interests in any property the designee may have in the U.S. and prohibiting U.S. financial institutions from engaging in certain transactions and activities with the designated individual, according to the DOJ.

The FBI Dallas Field Office is investigating the case.
