
FBI-wanted hacker who provided initial access to a ransomware gang extradited to the US

Read also: one of the oldest drug trading marketplaces, Archetyp Market, dismantled; authorities seize $225M linked to cyber fraud; and more.


Thursday, June 19, 2025

FBI-wanted hacker who provided initial access to a ransomware gang extradited to the US

Ukrainian police have arrested a 33-year-old individual affiliated with a notorious ransomware group responsible for a series of high-profile cyberattacks on industrial enterprises across multiple countries.

The unnamed ransomware group had targeted major corporations in France, Norway, Germany, the Netherlands, Canada, and the United States, using custom-developed malware and ransomware (LockerGoga, MegaCortex, HIVE, and Dharma) to breach corporate systems. The attacks caused estimated damages exceeding 3 billion Ukrainian hryvnias (approximately $72 million).

The ransomware operation was dismantled in November 2023 as a result of a joint international law enforcement effort. Over 80 court-sanctioned searches were conducted across Ukraine, resulting in the seizure of over 24 million UAH (~$580,000) in cryptocurrency.

The police also identified an additional key suspect, a foreign national residing in Kyiv, who identified vulnerabilities in the IT infrastructure of large corporations, which were later exploited by his associates to launch ransomware attacks. The US FBI placed the suspect on an international wanted list, charging him in absentia with multiple violations of US federal law. Following his arrest, the suspect was officially extradited to the United States on June 18, 2025.

Police shut down Archetyp Market, one of the oldest and most prolific drug trading marketplaces

Law enforcement agencies from six countries, supported by Europol and Eurojust, have dismantled Archetyp Market, one of the world’s most prominent Dark Web marketplaces for illicit drug trade.

Established more than five years ago, the platform facilitated the sale of a wide range of illegal drugs, including fentanyl, cocaine, amphetamines, heroin, and MDMA. It attracted a vast user base, with over 612,000 customer accounts and approximately 3,200 vendors from various regions. Authorities estimate the total value of drug transactions facilitated by the market to exceed €250 million.

Led by the German authorities, the operation targeted the marketplace’s administrator, site moderators, top-earning vendors, and the technological infrastructure supporting the operation. As a result, the platform's alleged 30-year-old administrator, a German national, was apprehended in Spain. Additionally, moderators and six of the platform’s most lucrative vendors have been arrested across Germany and Sweden, with a range of evidence seized.

In parallel, Dutch law enforcement shut down the marketplace’s core server infrastructure, which was hosted in a data center in the Netherlands.

Gotbit founder gets eight months in a US prison for market manipulation fraud

Aleksei Andriunin, a dual citizen of Russia and Portugal and the founder of the cryptocurrency firm Gotbit, has been sentenced to eight months in US federal prison following a years-long investigation into fraudulent practices in the digital asset market. In addition to his prison sentence, Andriunin will also serve one year of supervised release.

Andriunin pleaded guilty in March 2025 to charges of wire fraud and conspiracy to commit wire fraud and market manipulation. Between 2018 and 2024, Gotbit advertised itself as a “market maker” for emerging cryptocurrency tokens. However, rather than facilitating legitimate market activity, the company used “wash trading” techniques to artificially inflate the trading volumes and prices of these tokens.

Gotbit used automated algorithms and multiple blockchain accounts to conduct fraudulent trades to avoid detection. The tactics helped to increase the visibility and perceived value of crypto tokens and get them listed on high-profile crypto tracking platforms and traded on major exchanges.

Andriunin was arrested in Portugal on October 8, 2024, after the FBI created a fake crypto token specifically designed to bait and expose Gotbit’s schemes. He was extradited to the US on February 25, 2025, and indicted alongside two other Gotbit executives, Fedor Kedrov and Qawi Jalili, who are also facing criminal charges.

Chinese ransomware actors arrested in Thailand

Thai authorities arrested multiple Chinese nationals and other Southeast Asian suspects following a major raid on a hotel in Pattaya, which was found to be housing both an illegal gambling den and a cybercrime hub involved in ransomware operations.

Undercover officers were deployed and confirmed suspicious activities inside the premises, prompting a full-scale raid and floor-by-floor search of the building. The second floor of the hotel was used for illegal gambling activities, while the 8th floor served as the operational hub for a ransomware ring run by Chinese nationals.

As part of the raid, multiple suspects were arrested, including 6 Chinese nationals alleged to be members of the ransomware ring. The suspects used computers and phones to target Chinese companies by sending malicious links that deployed ransomware.

Digital evidence confirmed that they were paid operatives responsible for distributing links to deploy malware. They were charged with membership in a criminal organization that operated covertly and engaged in unlawful activities, in addition to working without the necessary permits. Authorities confiscated nine laptop computers and fifteen mobile phones during the investigation.

The US seizes $225 million linked to cyber scams

The US Department of Justice (DOJ) announced a seizure of $225.3 million in cryptocurrency linked to fraudulent schemes known as “pig butchering.” This marks the largest crypto seizure in US Secret Service history.

In this case, federal prosecutors initiated a civil forfeiture action to target the massive sum of cryptocurrency traced back to an elaborate network of fake investment platforms.

Victims were led to believe they were investing in legitimate crypto ventures. Instead, they were defrauded by a criminal enterprise operating primarily overseas. Authorities said that the scam network was connected to at least 400 known victims around the world. The seized funds are now undergoing forfeiture proceedings.

Investigators used blockchain analysis tools to track the flow of funds. The cryptocurrency addresses that held over $225.3 million were part of an advanced blockchain-based money laundering network. The network carried out hundreds of thousands of transactions designed to hide the nature, origin, control, and ownership of funds obtained through cryptocurrency investment fraud. To conceal the source of the illegal proceeds, the scam operators dispersed the funds across a wide network of cryptocurrency addresses and blockchain accounts.

Key Dutch has been working in information technology and cybersecurity for over 20 years, starting his first job with Windows 95 and dial-up modems. As the Editor-in-Chief of our Cybercrime Prosecution Weekly blog series, he compiles the most interesting news about police operations against cybercrime, as well as about regulatory actions enforcing data protection and privacy law.