EU Sanctions "Most Prolific Ransomware Operator" Stern, Linked to Over $300 Million in Ransom Payments
Odaily Odaily reports that the United States, the European Union, and the United Kingdom have jointly announced sanctions against a group of individuals involved in state-sponsored hacking organizations, cybercriminal groups, and their infrastructure providers. The targets are accused of causing billions of dollars in losses to global enterprises, critical infrastructure, and government agencies. Among them, the most notable is the EU's sanction against Russian cybercriminal Vitaly Nikolayevich Kovalev, also known as "Stern." The EU identified Stern as one of the core managers of the notorious Trickbot Group ransomware syndicate, which is behind high-risk ransomware variants such as Conti ransomware and Ryuk.
On-chain analysis shows that wallet addresses linked to Stern have collectively received over $300 million in ransom payments, potentially making him the most prolific ransomware operator ever identified.
According to the analysis, the $300 million figure represents only Stern's personal gains, while the total illicit income of the Trickbot Group could be significantly higher. On-chain fund flows indicate that Stern had transactional ties with multiple ransomware ecosystems, including Ryuk, Conti, Diavol, Karakurt, Royal, and Quantum.
The investigation reveals that Stern played a role similar to a "CEO" within the Trickbot organization, responsible for budget management, personnel recruitment, infrastructure procurement, and attack planning. (Chainalysis)
