BTC
ETH
HTX
SOL
BNB
Xem thị trường
简中
繁中
English
日本語
한국어
ภาษาไทย
Tiếng Việt

EU sanctions 'most prolific ransomware operator' Stern, with over $300 million in ransom inflows

2026-07-14 15:48

Odaily Planet Daily News The United States, the European Union, and the United Kingdom jointly announced sanctions against a group of individuals involved in state-sponsored hacker organizations, cybercriminal groups, and their infrastructure providers. The targets are accused of causing tens of billions of dollars in losses to global enterprises, critical infrastructure, and government agencies. The most notable action is the EU's sanction against Russian cybercriminal Vitaly Nikolayevich Kovalev (alias "Stern"). The EU identified Stern as one of the core managers of the notorious Trickbot Group ransomware syndicate, which is responsible for high-risk ransomware variants including Conti ransomware and Ryuk.

On-chain analysis shows that wallet addresses linked to Stern have received over $300 million in ransom payments, potentially making him the most prolific ransomware operator identified to date.

According to analysis, the $300 million figure represents only Stern's personal gains; the total illicit income of the Trickbot Group may be significantly higher. On-chain fund flows indicate that Stern has had transaction links with multiple ransomware ecosystems, including Ryuk, Conti, Diavol, Karakurt, Royal, and Quantum.

Investigations reveal that Stern played a role similar to a "CEO" within the Trickbot organization, responsible for budget management, personnel recruitment, infrastructure procurement, and attack planning. (Chainalysis)