{"type":"rich","version":"1.0","provider_name":"Transistor","provider_url":"https://transistor.fm","author_name":"Daily Security Review","title":"DOJ Brings Down Zeppelin Ransomware Operator, Seizes Millions in Crypto","html":"<iframe width=\"100%\" height=\"180\" frameborder=\"no\" scrolling=\"no\" seamless src=\"https://share.transistor.fm/e/d9c91e2f\"></iframe>","width":"100%","height":180,"duration":2195,"description":"The U.S. Department of Justice has successfully dismantled a major operator behind the notorious Zeppelin ransomware, charging Russian national Ianis Aleksandrovich Antropenko with conspiracy to commit computer fraud, money laundering, and extortion. Antropenko, known online as “china.helper,” allegedly deployed Zeppelin ransomware in targeted campaigns against victims worldwide—encrypting their data, exfiltrating sensitive files, and demanding payment in cryptocurrency to unlock their systems. As part of the operation, U.S. authorities seized over $2.8 million in cryptocurrency assets, along with luxury vehicles and cash, all believed to be the proceeds of Antropenko’s criminal activities. Investigators found that these illicit funds were laundered through services such as ChipMixer, a mixing platform already taken down in a 2023 international law enforcement operation. By tracing blockchain transactions, prosecutors were able to link Antropenko’s laundering activity directly to Zeppelin ransom payments. Zeppelin ransomware, first detected in 2019, was built as a Ransomware-as-a-Service (RaaS) tool, making it widely accessible to cybercriminals. Known for its highly targeted attacks against healthcare providers, defense contractors, and technology firms, the malware spread primarily through weak RDP credentials, phishing campaigns, and exploitation of firewall vulnerabilities. Victims often faced “double extortion,” with stolen data threatened for release if ransom payments weren’t made. Despite its success in extorting millions, Zeppelin’s downfall began when cybersecurity firm Unit 221B quietly cracked its flawed RSA-512 encryption keys in 2020. This breakthrough allowed victims to recover their data without paying ransom—provided they acted quickly after infection. To avoid tipping off Zeppelin’s developers, researchers deliberately kept this discovery quiet, ensuring the decryptor remained effective long enough to assist many victims. Now, with Antropenko facing...","thumbnail_url":"https://img.transistorcdn.com/pL79_MJFeJHamQ_ztImsGmDSMdl27VMk_30TAkieujE/rs:fill:0:0:1/w:400/h:400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS8yNzg5/ZjlhNzM5Y2M4Njli/NjkxNzgyODA2Nzhi/MDI2ZC5wbmc.webp","thumbnail_width":300,"thumbnail_height":300}