Russian Hackers Account For 74% Of Ransomware Proceeds

Cyber criminals with links to Russia set the pace for ransomware attacks, accounting for nearly three-quarters of revenue from online extortion last year, according to blockchain experts at Chainalysis.

Their analysis shows that ransom payments from victims are laundered through services primarily catering to Russian users. Individuals and groups based in Russia, some of whom have been sanctioned by the United States in recent years, account for the largest proportion of activity in several forms of crypto currency crime.

Chainalysis was able to follow the flow of money to and from the digital wallets of known hacking groups using public blockchain transaction records. This data has helped them attribute specific ransomware strains to Russian cyber criminals using various criteria, including the sharing of documents and announcements written in the Russian language. Chainalysis says "a huge amount of crypto-currency-based money laundering" goes through Russian crypto-companies.

According to their research, more than $400 million worth of crypto-currency payments went to groups "highly likely to be affiliated with Russia".

Analysts say they know which hacking groups are Russian because they display various characteristics, for example:

  • The ransomware code is written to prevent it from damaging files if it detects the victim's computers are located in Russia or a CIS country.
  • The gang operates in Russian on Russian-speaking forums.
  • The gang is linked to Evil Corp, an alleged cyber-crime group wanted by the US.

The research is further evidence that many cyber criminal groups operate either in Russia or in the surrounding Russian-speaking countries. However, the report only looks at the flow of money to cyber criminal gang leaders, and many of these run affiliate ransomware-as-a-service operations, renting out the tools needed to launch attacks to others. Consequently, it is not known for certain where the individual hackers who work for the major criminal gangs are located.

A major international operation was launched in 2021 to stop ransomware hackers, after many high-profile and disruptive attacks, such as the one on Ireland's health service. During this operation, suspected hackers were arrested in Romania, Ukraine, South Korea and Kuwait, and US law enforcement agencies successfully recovered millions of dollars from the digital wallets of multiple ransomware criminals.

Russia has consistently denied that it was harbouring hackers, and President Vladimir Putin told reporters at his 2021 summit with US President Joe Biden that his own intelligence shows "Russia is not listed in this ranking of countries that see the most significant number of cyber-attacks from their territory." However, Russian authorities subsequently announced they had made numerous arrests and dismantled the notorious ransomware group REvil at the request of the United States. This operation is a rare case of the US and Russia collaborating on cyber crime.

The Chainalysis report highlights that 9.9% of all known ransomware revenue is going to Evil Corp, a cyber crime group against which the US has issued sanctions and indictments, but which is operating in Russia with apparent impunity.

While there are greater concerns over Russian hackers and their capabilities to disrupt victim organisations, they are not the only concern. Chainalysis has also reported that cyber security analysts at Crowdstrike have concluded that many ransomware attacks are also affiliated with Iran, mostly targeting organisations in the US, the EU and Israel, and are configured to conceal espionage activity.

Sources: Chainalysis, TechHQ, BBC, Business Insider, TEISS, CyberNews
