Press Releases

Treasury Designates Virtual Currency Money Launderer for Russian Elites and Cybercriminals

Treasury imposes consequences on money launderer responsible for moving funds on behalf of Russian elites and ransomware actors

WASHINGTON — Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Ekaterina Zhdanova, a Russian national, for her role in laundering and moving funds using virtual currency on behalf of Russian elites. This action is consistent with the G7’s commitment to crack down on sanctions evasion and closing loopholes that allow the Russian state, its elites, proxies, and oligarchs to leverage virtual currency to offset the impact of international sanctions. 

“Through key facilitators like Zhdanova, Russian elites, ransomware groups, and other illicit actors sought to evade U.S. and international sanctions, particularly through the abuse of virtual currency,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson. “We remain focused on safeguarding the U.S. and international financial system against those who seek to exploit this technology, among other illicit finance risks in the virtual assets ecosystem.”

Zhdanova: A key Gateway TO the international financial system for Russian ELITES and ransomware actors

In response to Russia’s illegal invasion of Ukraine in February 2022, OFAC has imposed expansive economic sanctions on the Russian financial system. In March 2022, Ekaterina Zhdanova (Zhdanova) assisted a Russian client in obfuscating their source of wealth in order to transfer over $2.3 million into Western Europe through a fraudulently opened investment account and real estate purchases. Zhdanova’s services result in the provision of access to Western financial markets for Russian individuals that may otherwise be blocked due to U.S. and international prohibitions. This type of illicit financial activity can be used to evade the multilateral U.S. and international sanctions that impose costs on Russia for its unprovoked war and deny the access of sanctioned Russian individuals and entities to the international financial system.

Zhdanova uses virtual currency to facilitate large cross border transactions.  Zhdanova utilizes entities that lack Anti-Money Laundering/Combatting the Financing of Terrorism (AML/CFT) controls, such as OFAC-designated Russian cryptocurrency exchange Garantex Europe OU (Garantex). Garantex was designated by OFAC in 2022, pursuant to Executive Order (E.O.) 14024 for operating or having operated in the financial services sector of the Russian Federation economy. Garantex was known for blatantly disregarding AML/CFT obligations and allowing its platform to be used by illicit actors.  

Zhdanova relies on multiple methods of value transfer to move funds internationally. This includes the use of cash and leveraging connections to other international money laundering associates and organizations. Zhdanova also uses traditional businesses to maintain access to the international financial system, including through a luxury watch company that has offices around the world. 

Zhdanova conducts virtual currency exchange transfers on behalf of oligarchs who have relocated internationally. In one instance, a Russian oligarch sought out Zhdanova to move over $100 million in wealth on their behalf to the United Arab Emirates. Additionally, Zhdanova has facilitated a United Arab Emirates tax residency service for Russian clients, and possibly participated in obfuscating their identities. Through this service, Zhdanova provided clients with United Arab Emirates tax residency, a United Arab Emirates identification card, and a bank account. Payments were alleged to be made in cash or by virtual currency, and to be received at a Dubai bank account, and then transferred from the Dubai bank account to foreign bank accounts at the discretion of the client. A benefit of this service was to create an origin of funds for the client that would be managed from anywhere in the world without additional questions from international authorities.  

Zhdanova also provided services to individuals connected with the Russian Ryuk ransomware group. In 2021, Zhdanova laundered over $2.3 million of suspected victim payments on behalf of a Ryuk ransomware affiliate. Ryuk has been used to target thousands of victims worldwide, including in the United States, across a variety of sectors. In October 2022, U.S. law enforcement specifically identified Ryuk as an imminent and increasing cybercrime threat to hospitals and healthcare providers in the United States.  

Ekaterina Zhdanova is being designated today pursuant to E.O. 14024 for operating or having operated in the financial services sector of the Russian Federation economy.

SANCTIONS IMPLICATIONS

As a result of today’s action, all property and interests in property of the designated person described above that are in the United States or in the possession or control of U.S. persons are blocked and must be reported to OFAC. In addition, any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked. Unless authorized by a general or specific license issued by OFAC, or exempt, OFAC’s regulations generally prohibit all transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of designated or otherwise blocked person. 

In addition, financial institutions and other persons that engage in certain transactions or activities with the sanctioned entities and individuals may expose themselves to sanctions or be subject to an enforcement action. The prohibitions include the making of any contribution or provision of funds, goods, or services by, to, or for the benefit of any designated person, or the receipt of any contribution or provision of funds, goods, or services from any such person. 

The power and integrity of OFAC sanctions derive not only from OFAC’s ability to designate and add persons to the SDN List, but also from its willingness to remove persons from the SDN List consistent with the law. The ultimate goal of sanctions is not to punish, but to bring about a positive change in behavior. For information concerning the process for seeking removal from an OFAC list, including the SDN List, please refer to OFAC’s Frequently Asked Question 897 hereFor detailed information on the process to submit a request for removal from an OFAC sanctions list, please click here.

Click here for more information on the individual designated today.

See OFAC’s Updated Advisory on Potential Sanctions Risk for Facilitating Ransomware Payments here for information about actions that OFAC would consider to be mitigating factors in any related enforcement action involving ransomware payments with a potential sanctions risk. For information on complying with sanctions applicable to virtual currency, see OFAC’s Sanctions Compliance Guidance for the Virtual Currency Industry here.

###