Russian hackers are raking in ransomware rewards

Most of the money extorted through ransomware ends up in Russia, researchers claim

Most of the money made from ransomware operations ends up in the hands of Russian-speaking threat actors, a report from market analysts Chainalysis claims.

Speaking to the BBC, Chainalysis says 74% of all money stolen through ransom demands in 2021 went to threat actors linked to Russia, in one way or another - equivalent to more than $400 million worth of cryptocurrencies.

What’s more, Chainalysis claims that “a huge amount of cryptocurrency-based money laundering” is being conducted by Russian cryptocurrency companies, as well.

Refraining from attacking Russian-speaking businesses

Most cryptocurrencies are easy to track. Their respective blockchains (the technology underpinning the tokens, or coins) are usually transparent, meaning that specific coins can easily be tracked through time. Also, specific cryptocurrency wallets can be monitored freely.

But it’s not just wallets and money that the researchers are tracking. The BBC also reported that the malware usually used in ransomware attacks displays unique characteristics like being prevented, at code-level, from damaging files and companies on endpoints located in Russia, or other Russian-speaking countries.

The gangs that distribute the ransomware usually hang out on Russian-speaking forums, and they are often linked to Evil Corp, a threat actor group wanted by the US which, Chainalysis claims, takes almost 10% of all ransomware revenue.

The problem with this line of thinking, the BBC also adds, is that many of the ransomware threat actors work on a RaaS principle, offering ransomware as a service to whoever is willing to pay.

Russia, on the other hand, has denied the accusations of facilitating cyber-criminals. To that end, it pointed to the dismantling of the REvil ransomware operators, which it carried out at the request of the United States.

Still, one of Evil Corp’s alleged leaders, Igor Turashev, is running multiple businesses from Moscow City’s Federation Tower, one of the country’s “most prestigious” addresses, the BBC added.

“In any given quarter, the illicit and risky addresses account for between 29% and 48% of all funds received by Moscow City crypto-currency businesses”, Chainalysis concluded.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
