The person at the center of this case
Multiple ransomware attack victims (organizations and businesses)
Cold Case · Open
3 years waiting · since 2023
ALEKSANDR RYZHENKOV
Justice for Multiple ransomware attack victims (organizations and businesses) — the trail went cold in 2023, but the truth hasn't.
Start here
Key leads to think about
🎯
suspect
Lead #1What is Ryzhenkov's current location and how is he communicating with associates if he is in Russia?
🔍
evidence
Lead #2How can investigators trace the cryptocurrency addresses used in ransom demands to identify money laundering networks?
👤
person
Lead #3What is the nature and extent of Ryzhenkov's relationship with Maksim Yakubets (AQUA), and are there other associates involved?
Aleksandr Ryzhenkov is wanted by the FBI for his alleged role in coordinating ransomware attacks using BitPaymer malware, which encrypted victims' computer systems and demanded cryptocurrency payments. Working closely with Russian cybercriminal Maksim Yakubets, Ryzhenkov allegedly deployed malicious code and money laundering schemes targeting multiple organizations across the United States. A federal arrest warrant was issued on March 22, 2023, but Ryzhenkov is believed to be residing in Russia, making his apprehension dependent on international cooperation and intelligence gathering.
Case
#799
FBI - Federal Bureau of Investigation; U.S. District Court, Northern District of Texas
Try asking
Claim this imported case
A one-time $10 claim transfers this imported case workspace to your account. You get 10 uploads for this case, 25 daily AI questions for this case, and public tips with files route to you.
10 uploads25 AI questions/day
This does not start a subscription. When the included limits are reached, the Personal plan unlocks more workspace capacity.
More leads to consider
Beyond the top three above — each detail below could be the thread that pulls this case open.
💡
clue
Lead #4Can analysis of the BitPaymer ransomware code and deployment patterns identify additional victims or attack targets?
Have information about any of these leads?
Even the smallest detail could be the key to solving this case.
Official wording
Source Narrative
Conspiracy to Commit Fraud and Related Activity in Connection with Computers; Intentional Damage to a Protected Computer; Transmitting a Demand in Relation to Damaging a Protected Computer; Conspiracy to Commit Money Laundering Caution: Aleksandr Ryzhenkov is wanted for his alleged involvement in ransomware attacks and money laundering activities. It is alleged that, through the use and deployment of BitPaymer ransomware, Ryzhenkov left electronic notes in the form of a text file on victims’ computers.
The notes included email addresses for the victims and provided a virtual currency address to use to pay the ransom. Ryzhenkov is known to be a close associate of Maksim Yakubets , aka “AQUA”, an alleged Russian cyber criminal.
On March 22, 2023, a federal arrest warrant was issued for Ryzhenkov in the United States District Court, Northern District of Texas, Dallas, Texas, after he was charged with Conspiracy to Commit Fraud and Related Activity in Connection with Computers; Intentional Damage to a Protected Computer; Transmitting a Demand in Relation to Damaging a Protected Computer; and Conspiracy to Commit Money Laundering. Remarks: Ryzhenkov is believed to reside in Russia, possibly Moscow.
Timeline of Events
🕵️
2023-03-22
Federal Arrest Warrant Issued
Aleksandr Ryzhenkov was charged in U.S. District Court, Northern District of Texas with conspiracy to commit fraud, intentional damage to protected computers, transmitting ransom demands, and conspiracy to commit money laundering.
Key Locations
Interactive map showing important locations related to this case
Case Information
Incident:March 22, 2023
Last Updated:April 29, 2026
Leave a comment
Comments
Case Information
Incident:March 22, 2023
Last Updated:April 29, 2026