Russian Hackers Account For 74% Of Ransomware Proceeds

Cyber criminals with links to Russia set the pace for ransomware attacks, accounting for nearly three-quarters of revenue from online extortion last year, according to blockchain experts at Chainalysis.

Their analysis shows that ransom payments from victims are laundered through services primarily catering to Russian users. Individuals and groups based in Russia, some of whom have been sanctioned by the United States in recent years, account for the largest proportion of activity in several forms of crypto currency crime.

Chainalysis was able to follow the flow of money to and from the digital wallets of known hacking groups using public blockchain transaction records. This data has helped them identify specific ransomware strains to Russian cyber criminals using various criteria, including the sharing of documents and announcements written in the Russian language. Chainalysis say "a huge amount of crypto-currency-based money laundering" goes through Russian crypto-companies. 

According to their research, more than $400 million worth of crypto-currency payments went to groups "highly likely to be affiliated with Russia".

Analysts say they know which hacking groups are Russian because they display various characteristics, for example:

  • The ransomware code is written to prevent it from damaging files if it detects the victim's computers are located in Russia or a CIS country.
  • The gang operates in Russian on Russian-speaking forums.
  • The gang is linked to Evil Corp - an alleged cyber-crime group wanted by the US

The research is further evidence that many cyber criminal groups operate either in Russia or in the surrounding Russian-speaking countries. However, the report only looks at the flow of money to cyber criminal gang leaders, and many of these run affiliate ransomware -as-a-service operations, renting out the tools needed to launch attacks to others. Consequently, it's not known for certain where the individual hackers who work for the major criminal gangs are located.

A major international operation was launched in 2021 to stop ransomware hackers, after many high-profile and disruptive attacks, like on Ireland's health service.  During this operation, suspected hackers were arrested in Romania, Ukraine, South Korea and Kuwait and US law enforcement agencies successfully recovered millions of dollars from the digital wallets of multiple ransomware criminals.

Russia has consistently denied that it was harbouring hackers and President Vladimir Putin told reporters at his 2021 summit with US President Joe Biden that his own intelligence shows "Russia is not listed in this ranking of countries that see the most significant number of cyber-attacks from their territory." However, Russian authorities subsequently announced they had made numerous arrests and dismantled the notorious ransomware group REvil at the request of the United States. This operation is  rare case of the US and Russia collaborating on cyber crime.

The Chainalysis report  highlights that 9.9% of all known ransomware revenue is going to Evil Corp, a cyber crime group which the US has issued sanctions and indictments against, but who are operating in Russia with apparent impunity.

While there are greater concerns over Russian hackers and their capabilities to disrupt victim organisations, they are not the only concern. Chainalysis has also reported that cyber security analysts at Crowdstrike have concluded that many attacks by ransomware are also affiliated with Iran, mostly targeting organisations in the US, the EU, and Israel and configured to conceal espionage activity.

Chainalysis:    TechHQ:    BBC:     Business Insider:     TEISS:   CyberNews:  

You Might Also Read: 

Cyber Criminals Frustrated By Russian Crypto Currency Rules:

 

« Drawbridge Wins ‘Best Cyber Security Solution’
British Schools At Risk Of Cyber Attacks »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Malwarebytes

Malwarebytes

Malwarebytes provides artificial intelligence-powered technology that stops cyberattacks before they can compromise computers and endpoints.

Absolute Software

Absolute Software

Absolute provides persistent endpoint security and data risk management solutions for mobile devices - computers, tablets, and smartphones.

IT Career Switch

IT Career Switch

An IT Career Switch Traineeship is the easiest way to start a new career in IT or Cybersecurity with fantastic career prospects.

Level39 (L39)

Level39 (L39)

Level39 is the world's most connected tech community, with over 200 tech startups and scaleups based onsite.

OpSec Security

OpSec Security

OpSec Online is the only brand protection solution that spans all channels so your brands are protected no matter what digital venue the criminals target.

Cypherix

Cypherix

Cypherix is tightly focused on cryptography and data security. We leverage our expertise to deliver state-of-the-art, world-class encryption software packages.

Orbus Software

Orbus Software

Orbus develops, markets and sells enterprise software which helps large, blue chip and government organisations across the globe to achieve digital transformation outcomes.

Axiado

Axiado

Axiado Corporation is a security processor company redefining hardware root of trust with hardware-based security technologies, including per-system AI.

Digistor

Digistor

Digistor is a leading manufacturer of industrial-grade flash storage products, secure storage products, and Removable Secure Data Storage.

Zitec

Zitec

One of Europe's largest and most prominent full-cycle software development services companies, Zitec is the digital transformation partner to companies in the EU, UK, USA, Canada and ME.

Ironblocks

Ironblocks

Ironblocks is a pioneering cybersecurity firm that specializes in delivering comprehensive, end-to-end security solutions for the rapidly evolving Web3 ecosystem.

Netia

Netia

Netia is a Polish telecommunications company providing a range of business services including network solutions, communications, data centre and cloud, and cybersecurity.

modePUSH

modePUSH

modePUSH is a cybersecurity company focused on end-to-end breach response from Digital Forensics to Restoration across the enterprise and cloud environments.

Securafy

Securafy

At Securafy, we understand how important it is to have the right IT partner by your side. For over 30 years, we’ve helped businesses stay secure, connected, and compliant.

SafeShark

SafeShark

SafeShark are Product Security and Telecommunications Infrastructure (PTSI) Act and Radio Equipment Directive (RED) compliance specialists.

Secher Security

Secher Security

Secher Security is a professional and secure partner with a high level of professional expertise in simplifying and optimizing complex IT infrastructures.