EU sanctions "most prolific ransomware operator" Stern, linked to over $300 million in ransom inflows
Odaily Planet Daily News The United States, the European Union, and the United Kingdom jointly announced sanctions against a group of individuals linked to state-sponsored hacker groups, cybercriminal syndicates, and their infrastructure providers. The targets are accused of causing tens of billions of dollars in losses to global enterprises, critical infrastructure, and government agencies. The most notable action is the EU's sanction against Russian cybercriminal Vitaly Nikolayevich Kovalev (alias "Stern"). The EU determined that Stern was one of the core managers of the notorious Trickbot Group ransomware organization, which operates several high-risk ransomware variants, including Conti ransomware and Ryuk.
On-chain analysis shows that wallet addresses associated with Stern have received over $300 million in ransom payments, potentially making him the most significant ransomware operator identified to date.
Analysis suggests the $300 million only represents Stern's personal gains, while the overall illicit revenue of the Trickbot Group could be much higher. On-chain fund flows indicate that Stern has had transactional links with multiple ransomware ecosystems, including Ryuk, Conti, Diavol, Karakurt, Royal, and Quantum.
Investigations show that Stern played a role similar to a "CEO" within the Trickbot organization, responsible for budget management, personnel recruitment, infrastructure procurement, and attack planning. (Chainalysis)
