DOJ Seizes $2.8 Million In Crypto Tied To Zeppelin Ransomware
The Department of Justice (DOJ) has unsealed six warrants authorizing the seizure of more than $2.8 million in cryptocurrency, $70,000 in cash, and a luxury vehicle from an alleged operator of the now-defunct Zeppelin ransomware scheme.

Ianis Aleksandrovich Antropenko is charged with conspiracy to commit computer fraud and abuse, computer fraud and abuse, and conspiracy to commit money laundering in the Northern District of Texas, according to a DOJ press release.
“The cryptocurrency and other assets are proceeds of (or were involved in laundering the proceeds of) ransomware activity, as alleged in the unsealed warrants,” DOJ officials said in a press release on Thursday.
Federal prosecutors say Antropenko operated Zeppelin ransomware from 2019 through 2022 and attacked victims around the world, including U.S. individuals, hospitals, businesses, and IT providers, as described in the unsealed warrants.
In particular, he and his associates would encrypt victims’ data, steal sensitive files, and then extort victims to pay them a ransom in cryptocurrency in order to recover their data, stop its release, or delete it permanently.
Once they received the ransoms, Antropenko allegedly attempted to launder the proceeds through multiple channels, including the now-shut-down crypto mixing service ChipMixer, which was taken down as part of an international operation earlier this year. He also allegedly converted crypto into cash and made structured cash deposits, that is, splitting large sums into smaller deposits so banking authorities don’t notice.

After tracing the money trail through blockchain analysis, federal agents were able to locate cryptocurrency wallets associated with Ethereum (ETH), USD Tether (USDT), and USD Coin that they traced back to Antropenko.
They connected Binance accounts registered under Antropenko’s name to the laundering scheme. The FBI Dallas and Norfolk Field Offices and the Virtual Assets Unit are investigating Antropenko for his ransomware activity. According to the Justice Department, since 2020 its Computer Crime and Intellectual Property Section (CCIPS) has arrested over 180 cybercriminals and secured court orders for the return of more than $350 million in victim funds.
Officials said that the funds recovered from Antropenko will be put into the government’s digital asset reserve system, which was created by executive order in March 2025. The reserve holds cryptocurrency collected via criminal forfeiture and gives federal authorities an organized method of tracking and accounting for crypto linked to crime as cases proceed through the courts.
The DOJ also noted that CCIPS and its partners have “disrupted several ransomware groups, saving victims more than $200 million in ransom payments.”
Conclusion
Background on Zeppelin Ransomware
Zeppelin ransomware was first discovered in late 2019 as a ransomware-as-a-service (RaaS) offering from the VegaLocker/Buran ransomware family targeting healthcare firms and IT companies. The group reemerged with new versions in 2021 but ceased operations by November 2022.
Security researchers revealed that they had access to a master decryption key since at least 2020, which allowed many victims to decrypt their files for free. By January 2024, the source code was being sold on a hacking forum for $500.