The United States on September 26 imposed sanctions on an alleged Russian money-laundering operation that caters to cybercriminals around the world and unsealed indictments against two Russian nationals for their alleged involvement in the operation.
The Justice Department and the State Department said their actions in coordination with Dutch partners shut down the "prolific" money-laundering operation known as Cryptex and recovered millions of dollars in cryptocurrency.
"Today's actions highlight the Department’s continued disruption of malicious cyber actors and their criminal ecosystem," said Deputy Attorney General Lisa Monaco.
The two Russians named in the indictment, Sergei Ivanov and Timur Shakhmametov, are charged with conspiracy to commit bank fraud, money laundering using stolen credit and debit card information, and other charges.
Neither the Justice Department nor the State Department's statements say where the two are located. The State Department announced rewards of up to $10 million each for information leading to the arrest or conviction of Ivanov or Shakhmametov.
Ivanov's services have been used by cybercrime marketplaces, ransomware groups, and hackers responsible for significant data breaches of major U.S. companies, the Justice Department said.
Cryptex advertises its virtual currency services in Russian and has received over $51.2 million in funds derived from ransomware attacks, the Treasury Department said.
Ivanov also allegedly created and operated Russian payment and exchange services UAPS, PinPays, and PM2BTC, which the Justice Department said provided money-transfer and -laundering services directly to criminals.
Ivanov operated for nearly two decades as a professional cyber-money-launderer, advertising his services to other cybercriminals on exclusive Russian-speaking criminal forums, the Justice Department said.
In a coordinated action, the Treasury Department imposed sanctions on Ivanov and Cryptex, which it said is based in Saint Vincent and the Grenadines but operating in Russia.
The Treasury Department also identified PM2BTC as a "primary money-laundering concern" in connection with Russian illicit finance.
PM2BTC has long-standing ties to Russian or Russian-affiliated financial institutions that are under U.S. sanctions or other restrictions, according to the Treasury Department.
"The United States and our international partners remain resolute in our commitment to prevent cybercrime facilitators like PM2BTC and Cryptex from operating with impunity," said Bradley Smith, acting undersecretary for the Treasury Department’s terrorism and financial intelligence unit.
Individuals visiting the sites now see a message indicating that the site has been seized by the federal government. The seizure prevents the owners and third parties from using the sites for money laundering, the Justice Department said.
It also said law enforcement authorities in the Netherlands seized the servers hosting PM2BTC and Cryptex. Those servers have been taken offline, and the Dutch have seized cryptocurrency from those servers worth more than $7 million.
The State Department is also offering rewards of up to $1 million each for information identifying the leaders of PM2BTC and stolen credit-card marketplaces PinPays and Joker's Stash.