星球日报|Jul 14, 2026 15:49
[EU Sanctions 'Most Active Ransomware Operator in History' Stern, Involving Over $300 Million in Ransom Payments]
Odaily Planet Daily News – The United States, European Union, and United Kingdom have jointly announced sanctions against a group of state-sponsored hacking organizations, cybercrime syndicates, and their infrastructure providers. The targeted entities are accused of causing billions of dollars in losses to global businesses, critical infrastructure, and government agencies. Among the most notable actions is the EU's sanction against Russian cybercriminal Vitaly Nikolayevich Kovalev (alias 'Stern'). The EU has identified Stern as one of the core managers of the notorious Trickbot Group ransomware organization, which includes high-risk ransomware variants such as Conti ransomware and Ryuk.
Blockchain analysis reveals that wallet addresses associated with Stern have received over $300 million in ransom payments, potentially making him the largest confirmed ransomware operator to date. Analysts suggest that the $300 million represents only Stern's personal earnings, while the overall illicit revenue of the Trickbot Group may be significantly higher. On-chain fund flows indicate that Stern has been involved in transactions with multiple ransomware ecosystems, including Ryuk, Conti, Diavol, Karakurt, Royal, and Quantum.
Investigations show that Stern plays a role akin to a 'CEO' within the Trickbot organization, overseeing budget management, personnel recruitment, infrastructure procurement, and attack planning. (Chainalysis)
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink