Russian hacker wanted for targeting North Texas businesses in ransomware attacks

The federal government unsealed an indictment for a Russian national wanted for targeting multiple North Texas companies with ransomware attacks. The FBI is actively searching for him.

The ransomware attack is allegedly led by a 31-year-old Russian national. The indictment does not say why North Texas companies were targeted.     

The Justice Department unsealed an indictment charging Aleksandr Ryzhenkov with ransomware attacks against North Texas businesses, but it’s unclear if Ryzhenkov will ever be held accountable for the attacks. 

Mitch Thornton is the executive director of SMU’s Darwin Deason Institute for Cybersecurity. He says it’s common for ransomware attacks to be linked to people from other nations, making extradition difficult.

"They hide behind the dark web and multiple VPNs," he said. "We’ve seen a lot from Russia. We’ve seen some from China. We’ve seen some from North Korea."

Ransomware can begin with a simple email tricking someone into clicking a link, which allows hackers to hijack important data and hold it for ransom.

"The extortion almost always involves data exfiltration," Thornton said. "In other words, they steal your data before they encrypt it."

According to the 2023 indictment, Ryzhenkov and co-conspirators began gaining access to computer networks of North Texas businesses starting around 2017. 

Two of the companies are headquartered in Dallas, one in Lewisville and one in Orange, Texas, and another is an Indiana company with a data center in Dallas.

Ryzhenkov and co-conspirators demanded millions of dollars in the form of Bitcoin. 

"They’re going to go after someone that they think has the financial resources to pay the ransom," Thornton said.

The businesses are not named in the indictment, but at least three of them paid ransoms totaling more than $2 million.

"There’s not a whole lot that can be done," Thornton said. "And there’s no guarantee that they’ll follow through and give you the key even if you pay it."

It’s believed Ryzhenkov is still in Russia, possibly Moscow. The FBI Dallas Office is investigating.