BTC
ETH
HTX
SOL
BNB
시장 동향 보기
简中
繁中
English
日本語
한국어
ภาษาไทย
Tiếng Việt

EU sanctions 'most prolific ransomware operator' Stern, linked to over $300 million in ransom inflows

2026-07-14 15:48

Odaily Planet Daily News The United States, the European Union, and the United Kingdom jointly announced sanctions against a group of individuals involved in state-backed hacker organizations, cybercriminal gangs, and their infrastructure providers. The targets are accused of collectively causing billions of dollars in losses to global businesses, critical infrastructure, and government agencies. The most notable action is the EU's sanction against Russian cybercriminal Vitaly Nikolayevich Kovalev (alias "Stern"). The EU determined that Stern is one of the core managers of the notorious Trickbot Group ransomware syndicate, which operates several high-risk ransomware variants, including Conti ransomware and Ryuk.

On-chain analysis shows that wallet addresses linked to Stern have received over $300 million in ransom payments, potentially making him the "most prolific ransomware operator" identified to date.

According to analysis, the $300 million figure represents only Stern's personal gains; the total illicit income of the Trickbot group could be significantly higher. On-chain fund flows indicate that Stern had transactional connections with multiple ransomware ecosystems, including Ryuk, Conti, Diavol, Karakurt, Royal, and Quantum.

The investigation reveals that Stern played a role similar to a "CEO" within the Trickbot organization, responsible for budget management, personnel recruitment, infrastructure procurement, and attack planning. (Chainalysis)