Home > Security > Security News

Moscow Man Charged in Extortion of Conti Ransomware Gang via Federal Security Service Impersonation

Published
Written by:
Lore Apostol
Lore Apostol
Cybersecurity Writer
Control Room - Screens - Worl Map - Hackers - Personnel
Summarize with:
ChatGPT logo ChatGPT Claude.ai logo Claude.ai Google AI logo Google AI Grok logo Grok Perplexity logo Perplexity
Google logo Add as preferred source on Google
Key Takeaways
  • Suspect Charged: A Moscow resident, Ruslan Satuchin, has been formally charged with attempting to extort the Conti ransomware gang.
  • Alleged Impersonation: Satuchin is accused of posing as an officer of Russia’s Federal Security Service (FSB) to demand payment in exchange for protection from prosecution.
  • Notorious Target: The Conti ransomware group was one of the most prolific cybercriminal organizations before it officially disbanded in 2022.

Russian authorities have charged a Moscow man with attempting to extort the infamous Conti ransomware group by falsely representing his position and authority. The suspect, Ruslan Satuchin, allegedly impersonated an officer of the Federal Security Service (FSB) to demand a significant payment from Conti members. 

Conti Extortion Allegations

The scheme began in September 2022, when the Russian man contacted a gang member, claiming he could leverage his supposed influence to shield them from criminal prosecution for a large sum of money, reported the Russian outlet RBC, citing sources familiar with the investigation.

The criminal case against Satuchin and "unidentified individuals" was formally opened in September 2025, and he is currently being held in pre-trial detention. Satuchin, who denies the allegations, faces up to 10 years in prison and a fine of up to one million rubles if convicted. 

This case is notable as it involves one of the most destructive ransomware groups being targeted by a traditional extortion scheme from within its own operating region.

Conti Ransomware Legacy

The Conti ransomware group was a dominant force in global cybercrime, responsible for high-profile attacks against entities worldwide. The group officially ceased operations in 2022 following internal fractures, notably after a major leak of their internal chat logs and source code.

Despite the brand's dissolution, security researchers have traced its former members to new ransomware operations, including Akira and BlackBasta. 

In October 2025, a Conti suspect was extradited from Ireland to the U.S. to face charges, and Conti and Trickbot ransomware operators were exposed in a massive data leak in June 2025. In May 2025, researchers observed LockBit and Conti TTPs leveraged by DragonForce in ransomware attacks.

Add a Comment
Related
CISCO
Cisco SD-WAN Is Actively Exploited by UAT-8616, Five Eyes Alliance Agencies Issue Warning 
Claude Code Critical Flaws Allowed RCE and API Token Theft: AI Development Security Risks Exposed
Hacker - Laptop
Scattered Lapsus$ Hunters Offers $1,000 to Women Recruited for Vishing Campaigns
Florida IT Disruption Allegedly Linked to INC Ransom: Cocoa City Issues Emergency Declaration
Hacker - Control Room - Nodes
Threat Actor Claims Breach of Bahrain National Security Agency, Targets Email Server Infrastructure
US Court with Flag
Former Defense Contractor Sentenced to 87 Months in Prison for Selling Secrets to Russia: Peter Williams Trade Secrets Case Concludes
Most Popular
CISCO
Cisco SD-WAN Is Actively Exploited by UAT-8616, Five Eyes Alliance Agencies Issue Warning 
Claude Code Critical Flaws Allowed RCE and API Token Theft: AI Development Security Risks Exposed
Hacker - Laptop
Scattered Lapsus$ Hunters Offers $1,000 to Women Recruited for Vishing Campaigns
Windscribe Launches New App Update to Restore VPN Access in Iran and Russia
Windscribe Launches New App Update to Restore VPN Access in Iran and Russia
PIA transparency report Q4 overview info
PIA Q4 Report Shows it Received 30 Legal Requests in Q4 2025 but Produced No User Data - Know Everything
Florida IT Disruption Allegedly Linked to INC Ransom: Cocoa City Issues Emergency Declaration
Cisco SD-WAN Is Actively Exploited by UAT-8616, Five Eyes Alliance Agencies Issue Warning 
Claude Code Critical Flaws Allowed RCE and API Token Theft: AI Development Security Risks Exposed
Scattered Lapsus$ Hunters Offers $1,000 to Women Recruited for Vishing Campaigns
Windscribe Launches New App Update to Restore VPN Access in Iran and Russia
PIA Q4 Report Shows it Received 30 Legal Requests in Q4 2025 but Produced No User Data - Know Everything
Florida IT Disruption Allegedly Linked to INC Ransom: Cocoa City Issues Emergency Declaration

Most Popular
CISCO
Cisco SD-WAN Is Actively Exploited by UAT-8616, Five Eyes Alliance Agencies Issue Warning 
Claude Code Critical Flaws Allowed RCE and API Token Theft: AI Development Security Risks Exposed
Hacker - Laptop
Scattered Lapsus$ Hunters Offers $1,000 to Women Recruited for Vishing Campaigns
Windscribe Launches New App Update to Restore VPN Access in Iran and Russia
Windscribe Launches New App Update to Restore VPN Access in Iran and Russia
PIA transparency report Q4 overview info
PIA Q4 Report Shows it Received 30 Legal Requests in Q4 2025 but Produced No User Data - Know Everything
Florida IT Disruption Allegedly Linked to INC Ransom: Cocoa City Issues Emergency Declaration
Cisco SD-WAN Is Actively Exploited by UAT-8616, Five Eyes Alliance Agencies Issue Warning 
Claude Code Critical Flaws Allowed RCE and API Token Theft: AI Development Security Risks Exposed
Scattered Lapsus$ Hunters Offers $1,000 to Women Recruited for Vishing Campaigns
Windscribe Launches New App Update to Restore VPN Access in Iran and Russia
PIA Q4 Report Shows it Received 30 Legal Requests in Q4 2025 but Produced No User Data - Know Everything
Florida IT Disruption Allegedly Linked to INC Ransom: Cocoa City Issues Emergency Declaration

TechNadu keeps you informed with the latest in cybersecurity, VPNs, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world.

© 2026 TechNadu. All Rights Reserved. TechNadu is a part of Leaprove Media LLP.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: