Prolific Russian ransomware operator living in California enjoys rare leniency awaiting trial CyberScoop
p
By
Matt Kapko
pp
September 2 2025
ppAuthorities and threat intelligence analysts alike relish taking ransomware operators off the board Holding cybercriminals accountable through arrest imprisonment or genuine reform creates a powerful deterrent and advances the ultimate goal of a safer internet for everyone ppGetting to that point is a remarkably tough task for defenders Ransomware attacks are often initiated by people living in countries that arent bound by extradition treaties with the United States or dont cooperate with international law enforcement When those obstructions arent in place authorities can amass resources to hunt down those responsible for cyberattacks and bring them to justiceppThe fight against cybercrime is grueling and wins dont typically countervail the losses For nearly a decade police have often made highprofile announcements about arresting cybercriminals keeping them in custody until their court dates and seizing their illgotten gains These acts send a clear message to the public and potential offenders that cybercrime is a serious offense and authorities are taking swift visible measures to uphold the lawppIanis Aleksandrovich Antropenko exemplifies the profile of a modern cybercriminal yet unlike many others who have faced strict prosecution for similar offenses the Justice Department has granted him liberties rarely extended to such suspectsppThe 36yearold Russian national was arrested almost a year ago in California for his alleged involvement in multiple ransomware attacks from at least May 2018 to August 2022 Yet he was released on bail the day of his arrest and continues to live with few restrictions in Southern California awaiting trial for multiple feloniesppAntropenko is charged with conspiracy to commit computer fraud and abuse computer fraud and abuse and conspiracy to commit money laundering He is accused of using Zeppelin ransomware to attack multiple people businesses and organizations globally including victims based in the USppAntropenko pleaded not guilty to the charges in OctoberppThe Justice Department recently announced it seized more than 28 million in cryptocurrency nearly 71000 in cash and two luxury vehicles from Antropenko in February 2024 His alleged crimes were publicly revealed for the first time last month when authorities unsealed various court documentsppAntropenkos arrest and pending trial marks another potential win against ransomware but many experts told CyberScoop they are stunned he remains free on bail This rare flash of deferment in a case involving a prolific alleged cybercriminal is even more shocking considering his multiple runins with police since his 2024 arrestppAntropenko violated conditions for his pretrial release at least three times in a fourmonth period this year including two arrests in California involving dangerous behavior while under the influence of drugs and alcohol Authorities havent explained why Antropenko was released pending trial nor why parole officers and a judge repeatedly allowed him to remain out of jail following these infractionsppOn average most ransomware actors if they are brought into custody are remanded because of a flight risk said Cynthia Kaiser senior vice president of the ransomware research center at HalcyonppIts rare to have a ransomware actor in US custody the former deputy assistant director at the FBI Cyber Division told CyberScoop Typically if the FBI believes that the person is a flight risk it would make the case for bond to be deniedppProsecutors in the US District Court for the Northern District of Texas did not flag Antropenko as a flight risk in this case ppIn the past year other alleged ransomware suspects or cybercriminals Noah Urban Cameron Wagenius Connor Moucka and Artem Stryzhak among them were all detained pending trial Urban who was sentenced last month to 10 years in prison and Wagenius who has pleaded guilty to some charges were arrested in the United States Moucka and Stryzhak were arrested elsewhere and extradited to the USppPretrial treatment of cybercrime suspects hasnt always adhered to strict norms especially when the accuseds mental health status was taken into account Paige Thompson who was arrested in July 2019 for hacking and stealing data from Capital One and dozens of other organizations for a cryptocurrency mining scheme was deemed a serious flight risk by prosecutors but still released pending trial four months laterppA US district judge in Seattle determined Thompson didnt pose a threat to the community and previously told attorneys he was very concerned that Thompson would not receive adequate mental health treatment from the Bureau of Prisons ppThompson was found guilty of multiple counts and sentenced in October 2022 to time served and five years of probation much to the chagrin of prosecutors A federal appeals court overruled the district court judges sentence earlier this year calling the punishment substantially unreasonableppYevgeniy Nikulin a Russian national arrested in October 2016 on charges related to breaching a database containing 117 million passwords from LinkedIn Dropbox and other services was extradited to the US from the Czech Republic in 2018 and ruled fit to stand trial despite exhibiting mental illness symptoms throughout his incarceration and trial He was detained pending trial and sentenced to 88 months in prison in September 2020ppNotwithstanding these variances in previous cases some experts are struck by other irregularities in Antropenkos case including his conditions of release He is not banned from using the internet or computers but limited to devices and services disclosed during supervision that are subject to monitoringppMore lenient conditions of release are typically offered in exchange for cooperation according to threat analysts and a former FBI special agent who specialized in cybersecurity investigations ppThe investigators that tracked him down will certainly want to know who the bigger fish are and theyll want to figure out who else they could take down the former FBI special agent speaking on condition of anonymity told CyberScoop If hes willing to cooperate then normally the federal system will do good things for youppAuthorities imposed travel restrictions on Antropenko required him to surrender his passport banned him from entering a Russian embassy or consulate and are monitoring his locationppThe federal case against Antropenko accentuates how finite resources can put law enforcement and federal investigators at a disadvantage as they confront a constant crush of cybercrime ppThe FBI and prosecutors accuse Antropenko of deploying ransomware and extorting victims by email and implicate him and his exwife Valeriia Bednarchik in the laundering of ransomware proceeds Investigators traced the path of ransom payments money laundering techniques and services and determined the seized accounts cash and vehicles were derived from criminal proceedsppThe FBI said it found at least 48 cryptocurrency addresses referenced in Antropenkos email account chinahelperaolcom which he registered in May 2018 including emails that received or negotiated ransom payments and emails about other ransomware attacks ppA cluster of Bitcoin addresses owned by Antropenko had received a total of approximately 101 Bitcoin as of Feb 5 2024 Out of this amount 646 Bitcoin was sent to the cryptocurrency mixing service ChipMixer according to the FBI As of todays rates the current value of 101 Bitcoin is almost 109 millionppThe 2023 takedown of ChipMixer which was used by criminals to launder more than 3 billion in cryptocurrency starting in 2017 provided crucial evidence for this investigation according to Ian Gray VP of intelligence at FlashpointppOnly after law enforcement seized ChipMixers infrastructure could investigators trace the funds linked to accounts registered in Antropenkos name he said The sophistication of Bitcoin tracing and clustering techniques also likely contributed to the timing as law enforcement has adopted software and tools more widelyppProsecutors allege that Antropenko and Bednarchik funneled money from computer fraud victims through ChipMixer then back to their own exchange accounts Antropenko also allegedly arranged inperson cryptocurrencytocash swaps in the US depositing the cash in small sums under 10000 into his bank accountppFBI investigators traced Antropenkos activities via accounts he held at Proton Mail PayPal and Bank of America and accounts he and Bednarchik controlled at Binance and Apple In Bednarchiks iCloud account agents found a seed phrase for a crypto wallet that had received over 40 Bitcoin from Antropenkos accounts as well as evidence she had agreed to safeguard a disguised copy of this phrase so the funds could be accessed if Antropenko became unavailable Her account also contained joint tax returns with Antropenko and photos showing large amounts of US cashppAuthorities also seized cash and two luxury vehicles from the apartment Antropenko and Bednarchik once shared in Irvine Calif This included a Lexus LX 570 that Antropenko purchased for more than 123000 in November 2022 and a 2022 BMW X6M that Antropenko and Bednarchik purchased for 150000 in cash in November 2021 Photos of vehicles matching those descriptions are depicted on Antropenkos public Instagram account ppRansomware operators have been assisted by their spouses in other cases but their partners involvement is typically limited to money laundering Allan Liska threat intelligence analyst at Recorded Future told CyberScoopppWhile many ransomware operators and affiliates operate outside of Russia now it is rare for a Russian national to live in the US while initiating ransomware attacks for as long as Antropenko allegedly did Liska saidppIt sounds like he may have had additional information about other people maybe bigger fish that law enforcement could go after he saidppThe US District Court for the Northern District of Texas declined to answer questions or provide additional information The most recent attorney on record for Antropenko did not respond to a request for comment ppAntropenko didnt just inflict damages on his cybercrime victims as alleged by prosecutors His volatility erupted around those closest to him according to Bednarchik who accused him of domestic violence in temporary restraining orders she filed against Antropenko in April and May 2022 ppBednarchik has been identified as Antropenkos unnamed coconspirator through court documents and public records While authorities said they plan to bring charges against her no cases are currently pendingppIn court filings Bednarchik painted a picture of a controlling relationship writing that Antropenko constantly threatens me with full custody of our son because he has a lot of money and expressing fears he might take their child to Russia without permissionppCourt records reveal the family lived together in Miami and later Irvine until 2022 Despite Bednarchik reporting only 800 monthly income from her clothing business she estimated Antropenko earned 50000 per month from cryptocurrency dividends describing him as the breadwinner for the familyppWhen Antropenko was arrested in September 2024 Bednarchik posted his 10000 bail identifying herself in the affidavit as his exwifeppShes either being redacted because shes a victim or because she is collaborating with law enforcement and has been able to get her name redacted Zach Edwards senior threat analyst at Silent Push told CyberScoopppAuthorities did not describe the extent to which Antropenko was involved with Zeppelin ransomware Prosecutors mention unnamed coconspirators in some court documents indicating they are investigating or aware of others involved in the ransomwareasaservice operationppThe Cybersecurity and Infrastructure Security Agency said Zeppelin ransomware victims include a wide range of businesses and critical infrastructure organizations including defense contractors educational institutions manufacturers technology companies and organizations in the health care and medical industries ppZeppelin a variant of the Delphibased Vega malware was used from at least 2019 to mid2022 the agency said in an August 2022 advisory A ransom note included in CISAs advisory listed an AOL address for communication regarding extortion paymentsppProsecutors and investigators working on Antropenkos case said Zeppelin ransomware affected about 138 US victims since March 2020 including a data analysis company and its CEO based in the Dallas region where Antropenko faces federal chargesppProsecutors have consistently declared the case against Antropenko complex with evidence surpassing 7 terabytes of data including personally identifiable information of victims such as names addresses photos and bank account numbers ppZeppelin and Antropenkos alleged activities rose during the second wave of ransomware when many cybercriminals were winging it and law enforcement activity was at a lull Liska said If you start off with a mistake that mistake is going to catch up to you he saidppIndeed threat researchers and analysts attribute Antropenkos capture to sloppy behaviors and practices including his use of major US service providersppAntropenkos operational security was remarkably poor Gray saidppHe used a personal PayPal account linked to recovery emails for ransomware operations shared usernames between banking and ransomware accounts and stored sensitive information like cryptocurrency seed phrases and photos of large cash amounts in iCloud accounts he continued These OPSEC failures ultimately led to law enforcement identifying AntropenkoppWhile prosecutors push Antropenkos trial date further down the road currently set for Feb 6 2026 his personal life has been unraveling He was hospitalized on a mental health hold on Dec 31 2024 and spent a week in a behavioral health hospital according to a pretrial release violation reportppAntropenko told his probation officer that his exwife took his son from him unexpectedly which led to a significant bout of depression and increase in alcohol consumption While walking around his RV park intoxicated he was approached by an individual who offered him an unknown drug which he assumed was some type of methamphetamine Antropenkos probation officer wrote in the court filingppAntropenko said he had little recollection of the events that followed Once he was placed in a police car after law enforcement arrived the following morning he assumed he was being arrested which exacerbated his depression prompting him to bang his head on the window of the police car after which he recalls regaining consciousness in the hospital the probation officer said No charges were filedppAlmost two months later Antropenko was arrested for public intoxication in Riverside County Calif when he was found laying unresponsive in the center divider of a roadway Antropenko told his probation officer he sat down on a curb near his home to smoke a cigarette after consuming four to five beers and was feeling tired so he fell asleep He was released the following dayppA US magistrate judge in Texas allowed Antropenko to remain out on bond and modified the conditions of his release to include a ban on alcohol consumption and submit to regular alcohol testingppIt strikes me as unusual to have so many drug violations and stay out on bail Kaiser said It would be overly lenient if they were still perpetrating crimes obviously against others It appears hes harming himself ppIn April Antropenko contacted his parole officer to make an unsolicited admission to cocaine use according to a court document filed in May The defendant stated that he attended a birthday celebration for a friends sister When he went to the restroom some random people offered him a bump of cocaine his probation officer said The court took no further actionppEven if he is a cooperating witness he has been given a lot of freedom a lot more freedom than we normally see in this case Liska said I cant think of any case of anybody this high profile that has been given this level of freedom cooperating or notppEdwards is also dismayed Antropenko remains out on bail pending trialppIts wild that a citizen from Russia who has been accused of partnering with serious global threat actors and is out on bail for leading a ransomware campaign has been arrested multiple times for issues associated with alcohol including passing out on a street in public and also admitted to using cocaine while out on bail and yet his bail hasnt been revoked he saidppFormer law enforcement officials were less shocked about the circumstances of Antropenkos case than security analystsppAdam Marrè chief information security officer at Arctic Wolf said the postarrest privileges granted to Antropenko arent that odd especially since Antropenkos alleged pretrial release violations dont have anything to do with cybercrimeppMarrè said Antropenkos alleged violations would have frustrated him when he was a special agent at the FBI investigating cybercrime but he understands the courts decisions adding people are innocent until proven guiltyppIts important to note the FBI is focused on outcomes according to Kaiser Getting money back to victims who were stolen from is more important than punishing some guy especially if hes not doing ransomware activities anymore she saidppIts hard to arrest these people in the first place and stop them which means its very complicated to deter them over a long period of time Kaiser added Theres no one arrest thats going to stop these types of activitiesp
By
Matt Kapko
pp
September 2 2025
ppAuthorities and threat intelligence analysts alike relish taking ransomware operators off the board Holding cybercriminals accountable through arrest imprisonment or genuine reform creates a powerful deterrent and advances the ultimate goal of a safer internet for everyone ppGetting to that point is a remarkably tough task for defenders Ransomware attacks are often initiated by people living in countries that arent bound by extradition treaties with the United States or dont cooperate with international law enforcement When those obstructions arent in place authorities can amass resources to hunt down those responsible for cyberattacks and bring them to justiceppThe fight against cybercrime is grueling and wins dont typically countervail the losses For nearly a decade police have often made highprofile announcements about arresting cybercriminals keeping them in custody until their court dates and seizing their illgotten gains These acts send a clear message to the public and potential offenders that cybercrime is a serious offense and authorities are taking swift visible measures to uphold the lawppIanis Aleksandrovich Antropenko exemplifies the profile of a modern cybercriminal yet unlike many others who have faced strict prosecution for similar offenses the Justice Department has granted him liberties rarely extended to such suspectsppThe 36yearold Russian national was arrested almost a year ago in California for his alleged involvement in multiple ransomware attacks from at least May 2018 to August 2022 Yet he was released on bail the day of his arrest and continues to live with few restrictions in Southern California awaiting trial for multiple feloniesppAntropenko is charged with conspiracy to commit computer fraud and abuse computer fraud and abuse and conspiracy to commit money laundering He is accused of using Zeppelin ransomware to attack multiple people businesses and organizations globally including victims based in the USppAntropenko pleaded not guilty to the charges in OctoberppThe Justice Department recently announced it seized more than 28 million in cryptocurrency nearly 71000 in cash and two luxury vehicles from Antropenko in February 2024 His alleged crimes were publicly revealed for the first time last month when authorities unsealed various court documentsppAntropenkos arrest and pending trial marks another potential win against ransomware but many experts told CyberScoop they are stunned he remains free on bail This rare flash of deferment in a case involving a prolific alleged cybercriminal is even more shocking considering his multiple runins with police since his 2024 arrestppAntropenko violated conditions for his pretrial release at least three times in a fourmonth period this year including two arrests in California involving dangerous behavior while under the influence of drugs and alcohol Authorities havent explained why Antropenko was released pending trial nor why parole officers and a judge repeatedly allowed him to remain out of jail following these infractionsppOn average most ransomware actors if they are brought into custody are remanded because of a flight risk said Cynthia Kaiser senior vice president of the ransomware research center at HalcyonppIts rare to have a ransomware actor in US custody the former deputy assistant director at the FBI Cyber Division told CyberScoop Typically if the FBI believes that the person is a flight risk it would make the case for bond to be deniedppProsecutors in the US District Court for the Northern District of Texas did not flag Antropenko as a flight risk in this case ppIn the past year other alleged ransomware suspects or cybercriminals Noah Urban Cameron Wagenius Connor Moucka and Artem Stryzhak among them were all detained pending trial Urban who was sentenced last month to 10 years in prison and Wagenius who has pleaded guilty to some charges were arrested in the United States Moucka and Stryzhak were arrested elsewhere and extradited to the USppPretrial treatment of cybercrime suspects hasnt always adhered to strict norms especially when the accuseds mental health status was taken into account Paige Thompson who was arrested in July 2019 for hacking and stealing data from Capital One and dozens of other organizations for a cryptocurrency mining scheme was deemed a serious flight risk by prosecutors but still released pending trial four months laterppA US district judge in Seattle determined Thompson didnt pose a threat to the community and previously told attorneys he was very concerned that Thompson would not receive adequate mental health treatment from the Bureau of Prisons ppThompson was found guilty of multiple counts and sentenced in October 2022 to time served and five years of probation much to the chagrin of prosecutors A federal appeals court overruled the district court judges sentence earlier this year calling the punishment substantially unreasonableppYevgeniy Nikulin a Russian national arrested in October 2016 on charges related to breaching a database containing 117 million passwords from LinkedIn Dropbox and other services was extradited to the US from the Czech Republic in 2018 and ruled fit to stand trial despite exhibiting mental illness symptoms throughout his incarceration and trial He was detained pending trial and sentenced to 88 months in prison in September 2020ppNotwithstanding these variances in previous cases some experts are struck by other irregularities in Antropenkos case including his conditions of release He is not banned from using the internet or computers but limited to devices and services disclosed during supervision that are subject to monitoringppMore lenient conditions of release are typically offered in exchange for cooperation according to threat analysts and a former FBI special agent who specialized in cybersecurity investigations ppThe investigators that tracked him down will certainly want to know who the bigger fish are and theyll want to figure out who else they could take down the former FBI special agent speaking on condition of anonymity told CyberScoop If hes willing to cooperate then normally the federal system will do good things for youppAuthorities imposed travel restrictions on Antropenko required him to surrender his passport banned him from entering a Russian embassy or consulate and are monitoring his locationppThe federal case against Antropenko accentuates how finite resources can put law enforcement and federal investigators at a disadvantage as they confront a constant crush of cybercrime ppThe FBI and prosecutors accuse Antropenko of deploying ransomware and extorting victims by email and implicate him and his exwife Valeriia Bednarchik in the laundering of ransomware proceeds Investigators traced the path of ransom payments money laundering techniques and services and determined the seized accounts cash and vehicles were derived from criminal proceedsppThe FBI said it found at least 48 cryptocurrency addresses referenced in Antropenkos email account chinahelperaolcom which he registered in May 2018 including emails that received or negotiated ransom payments and emails about other ransomware attacks ppA cluster of Bitcoin addresses owned by Antropenko had received a total of approximately 101 Bitcoin as of Feb 5 2024 Out of this amount 646 Bitcoin was sent to the cryptocurrency mixing service ChipMixer according to the FBI As of todays rates the current value of 101 Bitcoin is almost 109 millionppThe 2023 takedown of ChipMixer which was used by criminals to launder more than 3 billion in cryptocurrency starting in 2017 provided crucial evidence for this investigation according to Ian Gray VP of intelligence at FlashpointppOnly after law enforcement seized ChipMixers infrastructure could investigators trace the funds linked to accounts registered in Antropenkos name he said The sophistication of Bitcoin tracing and clustering techniques also likely contributed to the timing as law enforcement has adopted software and tools more widelyppProsecutors allege that Antropenko and Bednarchik funneled money from computer fraud victims through ChipMixer then back to their own exchange accounts Antropenko also allegedly arranged inperson cryptocurrencytocash swaps in the US depositing the cash in small sums under 10000 into his bank accountppFBI investigators traced Antropenkos activities via accounts he held at Proton Mail PayPal and Bank of America and accounts he and Bednarchik controlled at Binance and Apple In Bednarchiks iCloud account agents found a seed phrase for a crypto wallet that had received over 40 Bitcoin from Antropenkos accounts as well as evidence she had agreed to safeguard a disguised copy of this phrase so the funds could be accessed if Antropenko became unavailable Her account also contained joint tax returns with Antropenko and photos showing large amounts of US cashppAuthorities also seized cash and two luxury vehicles from the apartment Antropenko and Bednarchik once shared in Irvine Calif This included a Lexus LX 570 that Antropenko purchased for more than 123000 in November 2022 and a 2022 BMW X6M that Antropenko and Bednarchik purchased for 150000 in cash in November 2021 Photos of vehicles matching those descriptions are depicted on Antropenkos public Instagram account ppRansomware operators have been assisted by their spouses in other cases but their partners involvement is typically limited to money laundering Allan Liska threat intelligence analyst at Recorded Future told CyberScoopppWhile many ransomware operators and affiliates operate outside of Russia now it is rare for a Russian national to live in the US while initiating ransomware attacks for as long as Antropenko allegedly did Liska saidppIt sounds like he may have had additional information about other people maybe bigger fish that law enforcement could go after he saidppThe US District Court for the Northern District of Texas declined to answer questions or provide additional information The most recent attorney on record for Antropenko did not respond to a request for comment ppAntropenko didnt just inflict damages on his cybercrime victims as alleged by prosecutors His volatility erupted around those closest to him according to Bednarchik who accused him of domestic violence in temporary restraining orders she filed against Antropenko in April and May 2022 ppBednarchik has been identified as Antropenkos unnamed coconspirator through court documents and public records While authorities said they plan to bring charges against her no cases are currently pendingppIn court filings Bednarchik painted a picture of a controlling relationship writing that Antropenko constantly threatens me with full custody of our son because he has a lot of money and expressing fears he might take their child to Russia without permissionppCourt records reveal the family lived together in Miami and later Irvine until 2022 Despite Bednarchik reporting only 800 monthly income from her clothing business she estimated Antropenko earned 50000 per month from cryptocurrency dividends describing him as the breadwinner for the familyppWhen Antropenko was arrested in September 2024 Bednarchik posted his 10000 bail identifying herself in the affidavit as his exwifeppShes either being redacted because shes a victim or because she is collaborating with law enforcement and has been able to get her name redacted Zach Edwards senior threat analyst at Silent Push told CyberScoopppAuthorities did not describe the extent to which Antropenko was involved with Zeppelin ransomware Prosecutors mention unnamed coconspirators in some court documents indicating they are investigating or aware of others involved in the ransomwareasaservice operationppThe Cybersecurity and Infrastructure Security Agency said Zeppelin ransomware victims include a wide range of businesses and critical infrastructure organizations including defense contractors educational institutions manufacturers technology companies and organizations in the health care and medical industries ppZeppelin a variant of the Delphibased Vega malware was used from at least 2019 to mid2022 the agency said in an August 2022 advisory A ransom note included in CISAs advisory listed an AOL address for communication regarding extortion paymentsppProsecutors and investigators working on Antropenkos case said Zeppelin ransomware affected about 138 US victims since March 2020 including a data analysis company and its CEO based in the Dallas region where Antropenko faces federal chargesppProsecutors have consistently declared the case against Antropenko complex with evidence surpassing 7 terabytes of data including personally identifiable information of victims such as names addresses photos and bank account numbers ppZeppelin and Antropenkos alleged activities rose during the second wave of ransomware when many cybercriminals were winging it and law enforcement activity was at a lull Liska said If you start off with a mistake that mistake is going to catch up to you he saidppIndeed threat researchers and analysts attribute Antropenkos capture to sloppy behaviors and practices including his use of major US service providersppAntropenkos operational security was remarkably poor Gray saidppHe used a personal PayPal account linked to recovery emails for ransomware operations shared usernames between banking and ransomware accounts and stored sensitive information like cryptocurrency seed phrases and photos of large cash amounts in iCloud accounts he continued These OPSEC failures ultimately led to law enforcement identifying AntropenkoppWhile prosecutors push Antropenkos trial date further down the road currently set for Feb 6 2026 his personal life has been unraveling He was hospitalized on a mental health hold on Dec 31 2024 and spent a week in a behavioral health hospital according to a pretrial release violation reportppAntropenko told his probation officer that his exwife took his son from him unexpectedly which led to a significant bout of depression and increase in alcohol consumption While walking around his RV park intoxicated he was approached by an individual who offered him an unknown drug which he assumed was some type of methamphetamine Antropenkos probation officer wrote in the court filingppAntropenko said he had little recollection of the events that followed Once he was placed in a police car after law enforcement arrived the following morning he assumed he was being arrested which exacerbated his depression prompting him to bang his head on the window of the police car after which he recalls regaining consciousness in the hospital the probation officer said No charges were filedppAlmost two months later Antropenko was arrested for public intoxication in Riverside County Calif when he was found laying unresponsive in the center divider of a roadway Antropenko told his probation officer he sat down on a curb near his home to smoke a cigarette after consuming four to five beers and was feeling tired so he fell asleep He was released the following dayppA US magistrate judge in Texas allowed Antropenko to remain out on bond and modified the conditions of his release to include a ban on alcohol consumption and submit to regular alcohol testingppIt strikes me as unusual to have so many drug violations and stay out on bail Kaiser said It would be overly lenient if they were still perpetrating crimes obviously against others It appears hes harming himself ppIn April Antropenko contacted his parole officer to make an unsolicited admission to cocaine use according to a court document filed in May The defendant stated that he attended a birthday celebration for a friends sister When he went to the restroom some random people offered him a bump of cocaine his probation officer said The court took no further actionppEven if he is a cooperating witness he has been given a lot of freedom a lot more freedom than we normally see in this case Liska said I cant think of any case of anybody this high profile that has been given this level of freedom cooperating or notppEdwards is also dismayed Antropenko remains out on bail pending trialppIts wild that a citizen from Russia who has been accused of partnering with serious global threat actors and is out on bail for leading a ransomware campaign has been arrested multiple times for issues associated with alcohol including passing out on a street in public and also admitted to using cocaine while out on bail and yet his bail hasnt been revoked he saidppFormer law enforcement officials were less shocked about the circumstances of Antropenkos case than security analystsppAdam Marrè chief information security officer at Arctic Wolf said the postarrest privileges granted to Antropenko arent that odd especially since Antropenkos alleged pretrial release violations dont have anything to do with cybercrimeppMarrè said Antropenkos alleged violations would have frustrated him when he was a special agent at the FBI investigating cybercrime but he understands the courts decisions adding people are innocent until proven guiltyppIts important to note the FBI is focused on outcomes according to Kaiser Getting money back to victims who were stolen from is more important than punishing some guy especially if hes not doing ransomware activities anymore she saidppIts hard to arrest these people in the first place and stop them which means its very complicated to deter them over a long period of time Kaiser added Theres no one arrest thats going to stop these types of activitiesp
