Moscow man accused of posing as FSB officer to extort Conti ransomware gang

A Moscow resident has been accused of trying to extort money from the notorious Conti ransomware group by posing as an officer of Russia’s Federal Security Service (FSB), according to local media reports.

Russian outlet RBC, citing sources familiar with the investigation, reported on Wednesday that the suspect, Ruslan Satuchin, allegedly presented himself as an FSB officer and demanded a large payment from Conti members in exchange for avoiding criminal prosecution.

The scheme allegedly began in September 2022, when Satuchin contacted one of Conti’s members and claimed to have influence over law enforcement activities targeting Conti, the sources said.

Satuchin denies wrongdoing. He is being held in pre-trial detention in Moscow after a criminal case was formally opened in September 2025. Police said he could interfere with witnesses if released. Defense lawyers requested house arrest, citing his family ties and saying he made no attempt to flee despite knowing about the investigation.

If convicted, he could face up to 10 years in prison and a fine of up to 1 million rubles ($13,000).

Conti was one of the most active ransomware operations before shutting down in 2022. Cybersecurity researchers have linked the group to Russian-speaking cybercriminals and to attacks targeting governments, healthcare providers, schools and critical infrastructure worldwide.

Two coordinated tranches of sanctions by the United States and the United Kingdom in February and September 2023 publicly named members of the Conti/Ryuk ransomware network and linked them to the wider Trickbot cybercrime infrastructure.

The gang fractured following a major leak in early 2022, when a person claiming pro-Ukraine sympathies published internal Conti chat logs, source code and infrastructure documents after the group publicly backed Russia’s invasion of Ukraine.

Security researchers have said that while Conti as a brand disappeared, former members regrouped under new ransomware operations, including Royal, Black Basta and Akira.


Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.
