Russian Hackers Account For 74% Of Ransomware Proceeds

Cyber criminals with links to Russia set the pace for ransomware attacks, accounting for nearly three-quarters of revenue from online extortion last year, according to blockchain experts at Chainalysis.

Their analysis shows that ransom payments from victims are laundered through services primarily catering to Russian users. Individuals and groups based in Russia, some of whom have been sanctioned by the United States in recent years, account for the largest proportion of activity in several forms of crypto-currency crime.

Chainalysis was able to follow the flow of money to and from the digital wallets of known hacking groups using public blockchain transaction records. This data has helped them attribute specific ransomware strains to Russian cyber criminals using various criteria, including the sharing of documents and announcements written in the Russian language. Chainalysis says "a huge amount of crypto-currency-based money laundering" goes through Russian crypto-companies.

According to their research, more than $400 million worth of crypto-currency payments went to groups "highly likely to be affiliated with Russia".

Analysts say they know which hacking groups are Russian because they display various characteristics, for example:

  • The ransomware code is written to prevent it from damaging files if it detects the victim's computers are located in Russia or a CIS country.
  • The gang operates in Russian on Russian-speaking forums.
  • The gang is linked to Evil Corp, an alleged cyber-crime group wanted by the US.

The research is further evidence that many cyber criminal groups operate either in Russia or in the surrounding Russian-speaking countries. However, the report only looks at the flow of money to cyber criminal gang leaders, and many of these run affiliate ransomware-as-a-service operations, renting out the tools needed to launch attacks to others. Consequently, it is not known for certain where the individual hackers who work for the major criminal gangs are located.

A major international operation was launched in 2021 to stop ransomware hackers, after many high-profile and disruptive attacks, such as the one on Ireland's health service. During this operation, suspected hackers were arrested in Romania, Ukraine, South Korea and Kuwait, and US law enforcement agencies successfully recovered millions of dollars from the digital wallets of multiple ransomware criminals.

Russia has consistently denied that it was harbouring hackers, and President Vladimir Putin told reporters at his 2021 summit with US President Joe Biden that his own intelligence shows "Russia is not listed in this ranking of countries that see the most significant number of cyber-attacks from their territory." However, Russian authorities subsequently announced they had made numerous arrests and dismantled the notorious ransomware group REvil at the request of the United States. This operation is a rare case of the US and Russia collaborating on cyber crime.

The Chainalysis report highlights that 9.9% of all known ransomware revenue is going to Evil Corp, a cyber crime group which the US has issued sanctions and indictments against, but which is operating in Russia with apparent impunity.

While there are greater concerns over Russian hackers and their capabilities to disrupt victim organisations, they are not the only concern. Chainalysis has also reported that cyber security analysts at Crowdstrike have concluded that many ransomware attacks are also affiliated with Iran, mostly targeting organisations in the US, the EU and Israel, and configured to conceal espionage activity.

Sources: Chainalysis, TechHQ, BBC, Business Insider, TEISS, CyberNews

