U.S. Treasury Imposes Sanctions on Money Launderer Responsible for Moving Funds on Behalf of Russian Elites and Ransomware Actors

On November 3, 2023, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Ekaterina Zhdanova, a Russian national, for her role as a key facilitator for illicit actors based in Russia seeking to access the global financial system and to obfuscate the source of their wealth. She is accused of using both fiat and cryptocurrency to facilitate large transfers of funds internationally and reportedly uses connections to traditional businesses and a network of associates involved in the laundering process.

OFAC’s designation highlights several such transactions and services that Zhdanova helped facilitate including:

• Assisting a Russian oligarch with transferring over $100 million abroad using cryptocurrency;
• Operating a UAE-based tax residency service on behalf of Russian clients which provided them with tax residency, identity documents, and bank accounts located in Dubai; the accounts were intended to serve as a seemingly legitimate source of their laundered funds;
• Laundering $2.3 million by opening up fraudulent investment accounts and making real estate purchases on behalf of a Russian client.

Zdhanova is also accused of using cryptocurrency exchanges that lack Anti-Money Laundering/Combatting the Financing of Terrorism (AML/CFT) controls including the designated Russian exchange Garantex, one of the largest parasite exchanges in Russia. According to TRM, Garantex has historically served as a destination for a large volume of ransomware funds alongside other parasite exchanges based in Russia including Chatex, Suex, and Bitzlato. 

According to TRM, Bitzlato, which was the target of a U.S. Department of Justice and Treasury actions in January 2023, also received funds from a wallet controlled by Zdhanova.

According to OFAC, Zhdanova also provided services to individuals connected with the Russian Ryuk ransomware group. In 2021, Zhdanova laundered over $2.3 million of suspected victim payments on behalf of a Ryuk ransomware affiliate. Ryuk has been used to target thousands of victims worldwide, including in the United States, across a variety of sectors. TRM has also identified connections to other ransomware groups.