Russian national faces 25 years in prison for 50+ cyberattacks

Ianis Antropenko, currently living in California, has admitted to committing ransomware attacks against at least 50 victims.

What happened

Ianis Aleksandrovich Antropenko recently pleaded guilty to leading a ransomware group that attacked at least 50 organizations on January 6th, 2025. The criminal was charged with conspiracy to commit money laundering and conspiracy to commit computer fraud and abuse in the U.S. District Court for the North District of Texas. The crimes could land him up to 25 years in jail and up to $750,000 in fines. He will also be required to pay restitution to victims and forfeit property.

Going deeper

The plea closes a multi-year long investigation. Antropenko, a Russian national, began participating in ransomware attacks in 2018, prior to his move to the US. Numerous attacks were committed in Florida and California. Prior to plea, Antropenko was out on bail in California, a rare occurrence since most cybercriminals are deemed a flight risk.

FBI traced the attacks to Antropenko via his accounts at Proton Mail, PayPal, and Bank of America. Antropenko is believed to have at least one co-conspirator, his ex-wife Valeriia Bednarchik, but so far, no charges have been brought against her.

The backstory

Antropenko initially pleaded not guilty to the charges in October of 2025. In August of 2025, the Justice Department announced they had seized over $2.8 million in assets, largely in cryptocurrency, but also including cash and a luxury vehicle.

Antropenko used various ransomware tools to target organizations worldwide and frequently in the US. After encrypting and exfiltrating data, Antropenko would demand a ransom payment from his victims in order for the data to be deleted or not published.

The big pictures

In recent months, we’ve seen an influx in cybercriminals being prosecuted. Approximately a week ago, Nicholas Moore pleaded guilty to hacking into the US Supreme Court and the Veterans Affairs system. These incidents show that cybercriminals are in the limelight, often for attacking high-value institutions (like the Supreme Court) or for the sheer volume of victims. These criminals, while particularly infamous, are only a few people in the larger networks of cybercriminals. Yet through their court cases, organizations can better understand the strategies and tools they used. Antropenko, for instance, used Zeppelin and GlobeImposter ransomware products to infiltrate organizations.

FAQs

Are cyber criminals difficult to prosecute?

Yes, it can be challenging to prosecute cybercriminals because evidence can often be difficult to find or verify. Outside of this, cybercriminals can be challenging to identify, as they often operate on the dark web, shielding their identity. Ultimately, prosecution is critical to end attacks and identify networks and co-conspirators.

How was Proton Mail involved in the incident?

It’s unclear how Proton Mail was used, but it’s likely that Antropenko used it to securely communicate with co-conspirators. Proton Mail, like most email services, must comply with legal authorities to the best of their ability.