Brian Nelson, US Undersecretary of the Treasury for Counterterrorism and Financial Intelligence, announcing sanctions against Ekaterina Zhdanova, emphasized that “through key intermediaries such as Zhdanov, Russian elites, oligarchs and cybercriminals who developed ransomware attempted to circumvent US and international sanctions.”
“We remain focused on protecting the US and international financial system from those seeking to exploit cryptocurrencies and other illicit financing methods in the virtual asset ecosystem,” Nelson warned.
A press release issued by the US Treasury Department’s Office of Foreign Assets Control (OFAC) claims that Russian citizen Ekaterina Zhdanova “conducts virtual currency transfers on behalf of oligarchs who have moved abroad.”
The document states that “one of the Russian oligarchs approached Zhdanova to ask her to transfer a fortune valued at more than $100 million to the United Arab Emirates on his behalf. Additionally, Zhdanova provided Russian clients with services to obtain tax residency in the United Arab Emirates and may have participated in concealing their identities.”
As part of this service, Zhdanova provided its clients with tax residency in the United Arab Emirates, an identity document and a bank account. The payments were allegedly made in cash or virtual currency, paid into a bank account in Dubai and then transferred from the bank account in Dubai to offshore bank accounts at the customer’s discretion.
The advantage of this service was the creation for the client of a source of funds that could be managed from anywhere in the world without additional questions from international authorities.
The document notes that “Zhdanova uses many value transfer methods to move funds abroad. This includes the use of cash and the use of connections with other partners and international organizations involved in money laundering. Zhdanova also uses traditional businesses to maintain access to the international financial system, including through a luxury watch company with offices around the world.”
Among the cybercriminals who used Zhdanova’s services was a Russian cyber group that developed the Ryuk ransomware program, which was used to attack more than a thousand organizations representing various industries around the world, including the United States.
In October 2022, US authorities specifically noted that Ryuk poses an immediate and growing cybercriminal threat to hospitals and healthcare facilities in the US.
The Treasury Department press release also mentioned that in March 2022, Ekaterina Zhdanova helped an (anonymous) Russian client conceal the source of his wealth and fraudulently transfer more than $2.3 million to Western Europe for Open an investment account to buy real estate.
According to US authorities, Zhdanova used the Russian cryptocurrency exchange Garantex Europe OU (Garantex), already included on the OFAC sanctions list, to illegally transfer money.