Russian Hackers Account For 74% Of Ransomware Proceeds

Uploaded on 2022-02-28 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-Russia, FREE TO VIEW

Cyber criminals with links to Russia set the pace for ransomware attacks, accounting for nearly three-quarters of revenue from online extortion last year, according to blockchain experts at Chainalysis.

Their analysis shows that ransom payments from victims are laundered through services primarily catering to Russian users. Individuals and groups based in Russia, some of whom have been sanctioned by the United States in recent years, account for the largest proportion of activity in several forms of crypto currency crime.

Chainalysis was able to follow the flow of money to and from the digital wallets of known hacking groups using public blockchain transaction records. This data has helped them identify specific ransomware strains to Russian cyber criminals using various criteria, including the sharing of documents and announcements written in the Russian language. Chainalysis say "a huge amount of crypto-currency-based money laundering" goes through Russian crypto-companies. 

According to their research, more than $400 million worth of crypto-currency payments went to groups "highly likely to be affiliated with Russia".

Analysts say they know which hacking groups are Russian because they display various characteristics, for example:

  • The ransomware code is written to prevent it from damaging files if it detects the victim's computers are located in Russia or a CIS country.
  • The gang operates in Russian on Russian-speaking forums.
  • The gang is linked to Evil Corp - an alleged cyber-crime group wanted by the US

The research is further evidence that many cyber criminal groups operate either in Russia or in the surrounding Russian-speaking countries. However, the report only looks at the flow of money to cyber criminal gang leaders, and many of these run affiliate ransomware -as-a-service operations, renting out the tools needed to launch attacks to others. Consequently, it's not known for certain where the individual hackers who work for the major criminal gangs are located.

A major international operation was launched in 2021 to stop ransomware hackers, after many high-profile and disruptive attacks, like on Ireland's health service.  During this operation, suspected hackers were arrested in Romania, Ukraine, South Korea and Kuwait and US law enforcement agencies successfully recovered millions of dollars from the digital wallets of multiple ransomware criminals.

Russia has consistently denied that it was harbouring hackers and President Vladimir Putin told reporters at his 2021 summit with US President Joe Biden that his own intelligence shows "Russia is not listed in this ranking of countries that see the most significant number of cyber-attacks from their territory." However, Russian authorities subsequently announced they had made numerous arrests and dismantled the notorious ransomware group REvil at the request of the United States. This operation is  rare case of the US and Russia collaborating on cyber crime.

The Chainalysis report  highlights that 9.9% of all known ransomware revenue is going to Evil Corp, a cyber crime group which the US has issued sanctions and indictments against, but who are operating in Russia with apparent impunity.

While there are greater concerns over Russian hackers and their capabilities to disrupt victim organisations, they are not the only concern. Chainalysis has also reported that cyber security analysts at Crowdstrike have concluded that many attacks by ransomware are also affiliated with Iran, mostly targeting organisations in the US, the EU, and Israel and configured to conceal espionage activity.

Chainalysis:    TechHQ:    BBC:     Business Insider:     TEISS:   CyberNews:  

You Might Also Read: 

Cyber Criminals Frustrated By Russian Crypto Currency Rules:

 

« Drawbridge Wins ‘Best Cyber Security Solution’
British Schools At Risk Of Cyber Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Sucuri

Sucuri

Sucuri have offered holistic website security solutions since 2008 including malware removal, malware monitoring and website protection services.

ObserveIT

ObserveIT

ObserveIT helps companies identify & eliminate insider threats. Visually monitor & quickly investigate with our easy-deploy user activity monitoring solution.

Protiviti

Protiviti

Protiviti consulting solutions span critical business problems in technology, business process, analytics, risk, compliance, transactions and internal audit.

Repulsa

Repulsa

Repulsa provides state-of-the-art, patented, fast filtering with over 700 million malicious IP addresses and over 30 million categorized site listings updated daily.

DeuZert

DeuZert

DeuZert is an accredited German certification body in accordance with ISO/IEC 27001 (Information Security Management).

ABS Group

ABS Group

ABS Group provides risk and reliability solutions and technical services that help clients confirm the safety, integrity and security of critical assets and operations.

GM Security Technologies

GM Security Technologies

GM Security Technologies provides leading managed security services of the highest quality to every type of individual and organization in Puerto Rico, Caribbean and Latin America.

Protected Media

Protected Media

Protected Media’s advanced cybersecurity ad fraud solution guards you against current and emerging threats across Connected TV, Display and Video advertising.

Seigur

Seigur

Seigur is an IT consultancy business providing flexible legal and cyber security services for IT and data privacy programmes.

Womble Bond Dickinson

Womble Bond Dickinson

Womble Bond Dickinson is a transatlantic law firm, providing high-quality legal experience and outstanding personal service from key locations across the United Kingdom and United States.

Closed Door Security

Closed Door Security

Closed Door Security is the only cybersecurity team in the north of Scotland offering everything from IASME Certification to CREST-Accredited penetration testing.

Jot Digital

Jot Digital

Jot Digital is a full-service technology company specializing in digital engineering, application modernization and business transformation.

FastPassCorp

FastPassCorp

In the world of IT, identity theft is a growing concern. FastPass offers an innovative solution as a cloud or on-premises offering.

Sprocket Security

Sprocket Security

Sprocket Security protects your business by monitoring the cybersecurity landscape and performing continuous penetration testing services.

Securily

Securily

Securily offers the ultimate solution for small to medium-sized businesses, blending cutting-edge AI with expert human insight to deliver the world’s easiest and most effective pentesting experience.

Swick Technologies (SWICKtech)

Swick Technologies (SWICKtech)

SWICKtech offer IT managed services to increase IT security, stability, and performance for your organization.