logo

“Stern,” Likely Most Prolific Ransomware Operator Ever, Sanctioned by EU as Action Targets Billions in Ransomware Damage

ID: b1a90e98-fb96-56c9-8259-797e84d7ff26

STIX ID: report--b1a90e98-fb96-56c9-8259-797e84d7ff26

Feed Name: Chainalysis Blog

Threat Score
88/100

Date Published: 2026-07-14

Date Updated: 2026-07-15

Author: Chainalysis Team

...
...

On 13 July 2026 the US, UK, and EU announced one of their largest coordinated cyber enforcement actions to date, sanctioning a broad ecosystem of ransomware operators and enablers. Key designations include Vitaly "Stern" Kovalev (Trickbot/Conti administrator) — whose wallets received over $300M in ransom payments — VPN and cryptor providers implicated in facilitating extortion, LummaC2 infostealer developers, bullet‑proof hosting Media Land LLC, and Russian GRU Unit 29155 affiliates; the report highlights operational scale, cross‑jurisdictional coordination, and impacts to cryptocurrency compliance.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.