Top Cybercrime Judicial Actions Q4 2024
From new cybersecurity laws in Europe and the U.S. to landmark global agreements, Q4 2024 marked a pivotal shift in global cyber regulation. Here's what changed and why it matters.
Welcome back to Hall of Hacks Weekly
In this issue, we spotlight the most significant judicial actions from Q4 2024 that reshaped the fight against cybercrime. From global ransomware takedowns to AI-driven fraud schemes, Q4 marked a turning point in how international agencies are cracking down on cybercriminals.
Overview: A Quarter of Aggressive Prosecution
Over 120 major cybercrime prosecutions were recorded across the globe in Q4, reflecting unprecedented coordination among the U.S. DOJ, INTERPOL, Europol, and regional law enforcement bodies.
Key trends included:
Ransomware infrastructure dismantling
Indictments of nation-state actors
AI and deepfake-enabled fraud rings
Business email compromise (BEC) takedowns
Record-setting asset seizures and prison sentences
Ransomware Crackdowns Intensify
LockBit: Developer Rostislav Panev was indicted for orchestrating ransomware attacks on 2,500 victims across 120 countries, linked to over $500 million in extortion. Affiliates and infrastructure operators were arrested in the U.S., U.K., Spain, and Russia.
Phobos: Evgenii Ptitsyn was indicted for deploying Phobos ransomware in more than 1,000 attacks worldwide, facing charges including computer fraud, extortion, and damage to protected systems.
Financial Impact: Ransomware-related cases in Q4 2024 alone involved hundreds of millions in damages, highlighting the scale and global economic cost of these operations.
State-Backed & Organized Threat Actor Indictments
North Korean IT Worker Scheme: 14 nationals, including Jong Song Hwa and others, indicted for defrauding companies using false identities to funnel millions toward weapons programs.
APT27 (China): Chinese nationals Yin Kecheng (尹可成) and Zhou Shuai (周帅) indicted for espionage, hacking campaigns, and wire fraud, both added to the FBI’s Most Wanted list.
Evil Corp (Russia): 16 members, including Maksim Yakubets and Igor Turashev, sanctioned by the U.K. for malware and ransomware attacks on health and government sectors.
Anonymous Sudan: Leaders Ahmed Salah Yousif Omer and Alaa Salah Yusuuf Omer indicted for cyberattacks on U.S. hospitals and critical services.
Massive BEC & Crypto Fraud Cases
Roman Sterlingov (Bitcoin Fog): Sentenced to 12.5 years, ordered to pay $395 million restitution for laundering 1.2 million BTC tied to darknet markets.
Babatunde Francis Ayeni: Sentenced to 10 years for running a BEC scam targeting U.S. real estate transactions, defrauding over 400 individuals of $19.6 million.
Alex Ogunshakin: Nigerian BEC fraudster sentenced to 45 months and 3 years of supervised release.
AI Deepfake & Social Engineering Fraud
In Hong Kong, 27 individuals were arrested for orchestrating romance and cryptocurrency scams using AI-generated deepfakes, resulting in the theft of $46 million from unsuspecting victims. This case highlights a growing global trend of AI-powered social engineering tactics being used to exploit financial networks and deceive individuals at scale.
Interpol-Led Mass Arrests
Two record-breaking global operations:
Africa Cyber Surge: 1,006 arrests across 16+ African nations for BEC, Ponzi, extortion, and fraud schemes totaling $193 million.
INTERPOL Global Fraud Sweep: 5,500 suspects arrested in 40 countries, with $400M+ in assets seized. Crimes included sextortion, romance scams, e-commerce fraud, and vishing.
Asset Forfeiture and Sentencing Milestones
Sentences in Q4 ranged from 3 years to 20+ years.
Restitution and forfeitures in Q4 included luxury cars (Audi, BMW, Porsche, Subaru), high-value jewelry, cash, and cryptocurrency wallets and mixers seized from convicted cybercriminals.
Notable examples:
Several major cybercriminals faced severe penalties and forfeitures in Q4. Bitfinex hackers Ilya Lichtenstein and Heather Morgan were sentenced, with billions in assets and cryptocurrency forfeited following one of the largest money laundering cases in history. Larry Harmon, the operator of the Helix cryptocurrency mixer, was sentenced and required to forfeit over $400 million in illicit assets. In Russia, multiple ransomware operators were sentenced in military court, with authorities seizing luxury assets valued in millions of rubles, euros, and U.S. dollars.
Notable Cases of Q4
Key prosecutions included Rostislav Panev, the LockBit ransomware developer indicted for orchestrating attacks against 2,500 victims across 120 countries, with over $500 million in extortion. Evgenii Ptitsyn, linked to the Phobos ransomware group, was also indicted for widespread attacks targeting healthcare and critical infrastructure. Authorities arrested Ardit and Jetmir Kutleshi along with Shpend Sokoli for operating Rydox, a dark web marketplace that trafficked stolen data and credentials. In one of the most high-profile cryptocurrency laundering cases, Heather Morgan and Ilya Lichtenstein were sentenced for their role in cleaning billions stolen from the Bitfinex hack.
Emerging Threats in Court Dockets
Law enforcement increasingly targeted infrastructure operators, not just attackers:
Charles Parks was sentenced for operating a large-scale cryptojacking scheme that stole computing resources to mine cryptocurrency.
The Elbadawy group was indicted for conducting SIM swapping attacks that led to the theft of $11 million in cryptocurrency.
Operators of Securityhide.net were charged with offering illegal DDoS-for-hire services through booter platforms.
Dozens of individuals were indicted for cyberstalking, sextortion, and other forms of online harassment targeting vulnerable victims.
Why These Judicial Actions Matter
These Q4 prosecutions represent a global escalation in cybercrime enforcement:
Infrastructure takedowns, not just end-user arrests
Nation-state threats addressed through indictments
Increased focus on AI and crypto fraud
Restitution, forfeiture, and long-term sentencing as deterrents
Law enforcement is signaling: cybercrime is no longer low-risk. The message to cybercriminals is clear: you can be found, and you will be prosecuted.
Coming Next Week
In our next edition, we’ll turn the spotlight on the Top Threat Actors of Q4 2024. From state-sponsored groups to cybercrime syndicates and emerging AI-powered scammers, we’ll break down who they are, how they operate, and what made them the most dangerous adversaries of the year.