A Russian man accused of laundering money in connection with ransomware that hackers have used to disrupt multiple US hospitals has been detained in the Netherlands at the request of the FBI, according to his lawyer.
The US Justice Department is seeking the extradition of Denis Dubnikov, 29, who is accused of receiving more than $400,000 in cryptocurrency tied to ransom payments, according to a copy of the extradition request reviewed by CNN.
Dubnikov’s lawyer, Arkady Bukh, said that his client was traveling to Mexico on vacation when he was detained and put on a plane to the Netherlands in early November. Bukh said Dubnikov denies any wrongdoing and intends, for now, to fight the extradition process.
It’s one of the biggest moves yet by US law enforcement against the so-called Ryuk ransomware, which was involved in a wave of hacks on US health care organizations last year. One hack reportedly involving Ryuk forced hospitals at the University of Vermont Health Network to delay chemotherapy and mammogram appointments.
The rampant nature of Ryuk prompted the FBI and other federal agencies to warn the public in October 2020 of an “imminent” threat to US hospitals and health care providers.
A Justice Department spokesperson declined to comment on the Dubnikov case.
The Wall Street Journal first reported on the Justice Department’s extradition request for Dubnikov.
The Dubnikov case is part of an ongoing US and European law enforcement offensive against Eastern European and Russian ransomware gangs that have extorted millions of dollars from businesses. On Monday, the Justice Department announced the arrest of a Ukrainian man accused of using a different type of ransomware against a US software firm over the Fourth of July weekend.
President Joe Biden in June asked Russian President Vladimir Putin to take action against ransomware gangs operating from Russian soil. US officials say it is too soon to tell if there will be any lasting change in Russian behavior.
In the last three years, ransomware attacks involving Ryuk against hospital networks and other organizations have stood out for their callousness. The ransomware has victimized thousands worldwide and regularly extracts six-figure ransom payments, according to the FBI and private-sector analysts.
Charles Carmakal, a cybersecurity executive who has investigated ransomware attacks using Ryuk, called the cybercriminals “brazen and heartless.”
“Physicians and other caregivers were locked out of the systems needed to run emergency departments and provide patient care,” said Carmakal, who is senior vice president and chief technology officer at the cybersecurity firm Mandiant. “Many health care organizations felt coerced to pay large extortion demands as they feared the potential impact to human lives if they could not recover their health care operations.”
This story has been updated with further developments Friday.