The U.S. Department of Justice (DOJ) on Wednesday unsealed six federal warrants authorizing the seizure of more than $2.8 million in cryptocurrency, along with $70,000 in cash and a luxury vehicle, from a man accused of running the notorious and now-defunct Zeppelin ransomware scheme.
According to the DOJ, the suspect, Ianis Aleksandrovich Antropenko, is charged by indictment in the Northern District of Texas for conspiring to commit computer fraud and abuse, computer fraud and abuse, and conspiracy to commit money laundering.
“As alleged in the unsealed warrants, the cryptocurrency and other assets are proceeds of (or were involved in laundering the proceeds of) ransomware activity,” the DOJ officials said in a press release on Thursday.
Federal prosecutors allege that Antropenko used Zeppelin ransomware between 2019 and 2022 to target victims across the globe, including individuals, hospitals, businesses, and IT providers in the United States.
Specifically, he and his associates encrypted victims’ data, stole sensitive files, and then demanded cryptocurrency payments from victims to regain access to their data, prevent its release, or have it permanently deleted.
After collecting ransom payments, Antropenko allegedly tried to cover his tracks by laundering the funds through several channels, including the now-defunct crypto mixing service ChipMixer, which was shut down in a coordinated international operation in 2023. Prosecutors say he also converted crypto into cash and made structured cash deposits, breaking large sums into smaller ones to avoid scrutiny by banking authorities.
Federal agents pieced together the money trail using blockchain analysis, eventually identifying cryptocurrency wallets containing Ethereum (ETH), USD Tether (USDT), and USD Coin linked to Antropenko. They linked Binance accounts in Antropenko’s name to the laundering scheme.
The FBI Dallas and Norfolk Field Offices and the Virtual Assets Unit are investigating Antropenko’s ransomware activity. Since 2020, the Justice Department’s Computer Crime and Intellectual Property Section (CCIPS) said it had secured over 180 cybercriminals and obtained court orders for the return of over $350 million in victim funds.
According to officials, the assets recovered from Antropenko will be added to the government’s digital asset reserve, a system launched by executive order in March 2025. The reserve is designed to handle cryptocurrency collected through criminal forfeiture, giving federal authorities a structured way to properly track and manage digital assets linked to crime while cases move through the courts.
“CCIPS and its partners have also disrupted multiple ransomware groups, preventing victims from having to pay over $200 million in ransom payments,” the DOJ added.
About Zeppelin Ransomware
Zeppelin ransomware first appeared in late 2019 as a Ransomware-as-a-Service (RaaS) derived from the VegaLocker/Buran ransomware family, with a particular focus on healthcare and IT firms. While the group resurfaced with new versions in 2021, its operations shut down by November 2022.
Security researchers later disclosed they had obtained access to a master decryption key as early as 2020, which quietly helped many victims recover their files for free. In January 2024, the ransomware’s source code was reportedly sold on a hacking forum for just $500, signifying its decline and commoditization.