The United Kingdom’s National Crime Agency (NCA), leading a law enforcement initiative, has dismantled two Russian money laundering networks that collaborated with criminals globally, including ransomware operators.

Dubbed “Operation Destabilise,” this international investigation resulted in the arrest of 84 Russian-speaking individuals connected to the criminal groups Smart—headed by Russian citizen Ekaterina Zhdanova and TGR, controlled by Ukrainian national George Rossi.

These networks aided Russian cybercriminals in laundering their illicit earnings. The NCA reported that in 2021, Zhdanova processed over $2.3 million believed to be cryptocurrency ransom payments made by victims to the Ryuk ransomware group. The agency estimates that the group, whose members were sanctioned by the UK in 2023, extorted at least £27 million from 149 UK victims, including hospitals, schools, businesses, and local authorities. However, the actual impact is likely much greater.

Ryuk was a ransomware-as-a-service operation active between 2018 and 2020. The Wizard Spider cybercrime gang behind it later switched to using Conti ransomware. Conti ceased operations in May 2022, splitting into smaller units that either joined other ransomware groups or started their own.

In executing Operation Destabilise, UK law enforcement collaborated with numerous international partners, including the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), the FBI, the Drug Enforcement Administration, France’s Central Directorate of the Judicial Police, and Ireland’s national police and security service, An Garda Síochána.

To disrupt the money laundering activities of these criminal rings, the NCA also worked closely with authorities in the United Arab Emirates (UAE). Rob Jones, Director General of Operations at the NCA, commented that Operation Destabilise has uncovered money laundering networks involving billions of dollars, operating in ways previously unknown to international law enforcement and regulators.

He added that, for the first time, authorities have mapped connections between Russian elites, wealthy cybercriminals using cryptocurrency, and drug gangs in the UK. The link between them—the combined operations of Smart and TGR—had remained hidden until now.

In November 2023, OFAC imposed sanctions on Zhdanova for laundering millions in cryptocurrency for various individuals, including ransomware operators. Other suspects connected to the two money laundering networks, such as Elena Chirkinyan and Andrejs Bradens, were also sanctioned by OFAC alongside Rossi.

Among other services, Smart and TGR assisted Russian elites and sanctioned individuals in circumventing financial restrictions to invest in Western economies. Chirkinyan of the TGR Group also helped conceal fund transfers from Russia, likely intended to support a Russian-language media outlet in the UK. These funds are believed to have originated from Russia Today (RT), which is currently sanctioned in the UK.

Additionally, cryptocurrency addresses tied to these two money laundering networks have been linked to transactions involving Garantex, a cryptocurrency exchange sanctioned by the U.S. and the UK two years ago. Garantex has been associated with illegal dealings on the Hydra Market dark web platform and with payments for components used in Russian weaponry in the conflict in Ukraine.