ctipilot.ch

AudiA6 ransomware crypto-laundering service dismantled (US/Europol, CH participating)

incident · incident:audia6-crypto-laundering-takedown-2026

  • Coverage timeline: 1 (first 2026-06-12 → last 2026-06-12)
  • Briefs: 1 (1 distinct)
  • Sources cited: 3 (3 hosts)
  • Sections touched: 1 (active_threats)
  • Co-occurring entities: 3 (see Related entities below)

Story timeline

  1. 2026-06-12 · CTI Daily Brief — 2026-06-12
    active_threats · First coverage. Two charged, ~$389M BTC laundered since 2021; Switzerland among participating countries; Dark2Web forum seized.

Where this entity is cited

  • active_threats: 1

Source distribution

  • bleepingcomputer.com: 1 (33%)
  • europol.europa.eu: 1 (33%)
  • secretservice.gov: 1 (33%)

Related entities

Items in briefs about AudiA6 ransomware crypto-laundering service dismantled (US/Europol, CH participating) (1)

AudiA6 ransomware crypto-laundering service dismantled — two charged, Switzerland among the participating countries

From CTI Daily Brief — 2026-06-12 · published 2026-06-12

A coordinated operation led by the US Secret Service, IRS-CI, Europol and Eurojust — with participation from Australia, Canada, France, Georgia, Germany, Iceland, Japan, Poland, Switzerland and the United Kingdom — dismantled AudiA6 on 11 June, a crypto-laundering service trusted by ransomware operations since 2021 (US Secret Service, 2026-06-11). Two men resident in Batumi, Georgia — Ruslan Igorevich Tkachuk (37) and Alexander Vladimirovich Ledenev (25) — were arrested and charged in the Eastern District of Pennsylvania with conspiracy to launder monetary instruments and sting money laundering. Blockchain analysis traced roughly 10,333 BTC (~$389.7 M at transaction-time value) through AudiA6 wallets, with ~393 BTC directly attributable to darknet markets, ransomware crews and cybercrime services; the service charged 3–10 % commission and returned "cleaned" funds within about an hour through chains of fraudulent exchange accounts opened with stolen identities. Europol links AudiA6 to more than 15 international cybercrime investigations and reports infrastructure seizures in the US, Iceland, Germany and France, alongside the seizure of the Dark2Web forum where the service advertised (Europol, 2026-06-11).

Why it matters to us: the takedown removes a monetisation layer used by ransomware groups that target EU and Swiss organisations, and seized transaction records may retrospectively attribute earlier ransom payments — IR teams with open extortion cases should watch for law-enforcement follow-up requests.