Russian Hackers Account For 74% Of Ransomware Proceeds

Cyber criminals with links to Russia set the pace for ransomware attacks, accounting for nearly three-quarters of revenue from online extortion last year, according to blockchain experts at Chainalysis.

Their analysis shows that ransom payments from victims are laundered through services primarily catering to Russian users. Individuals and groups based in Russia, some of whom have been sanctioned by the United States in recent years, account for the largest proportion of activity in several forms of cryptocurrency crime.

Chainalysis was able to follow the flow of money to and from the digital wallets of known hacking groups using public blockchain transaction records. This data has helped them link specific ransomware strains to Russian cyber criminals using various criteria, including the sharing of documents and announcements written in the Russian language. Chainalysis says "a huge amount of crypto-currency-based money laundering" goes through Russian crypto-companies.

According to their research, more than $400 million worth of crypto-currency payments went to groups "highly likely to be affiliated with Russia".

Analysts say they know which hacking groups are Russian because they display various characteristics, for example:

  • The ransomware code is written to prevent it from damaging files if it detects the victim's computers are located in Russia or a CIS country.
  • The gang operates in Russian on Russian-speaking forums.
  • The gang is linked to Evil Corp, an alleged cyber-crime group wanted by the US.

The research is further evidence that many cyber criminal groups operate either in Russia or in the surrounding Russian-speaking countries. However, the report only looks at the flow of money to cyber criminal gang leaders, and many of these run affiliate ransomware-as-a-service operations, renting out the tools needed to launch attacks to others. Consequently, it's not known for certain where the individual hackers who work for the major criminal gangs are located.

A major international operation was launched in 2021 to stop ransomware hackers, after many high-profile and disruptive attacks, such as the one on Ireland's health service. During this operation, suspected hackers were arrested in Romania, Ukraine, South Korea and Kuwait, and US law enforcement agencies successfully recovered millions of dollars from the digital wallets of multiple ransomware criminals.

Russia has consistently denied that it was harbouring hackers, and President Vladimir Putin told reporters at his 2021 summit with US President Joe Biden that his own intelligence shows "Russia is not listed in this ranking of countries that see the most significant number of cyber-attacks from their territory." However, Russian authorities subsequently announced they had made numerous arrests and dismantled the notorious ransomware group REvil at the request of the United States. This operation is a rare case of the US and Russia collaborating on cyber crime.

The Chainalysis report highlights that 9.9% of all known ransomware revenue is going to Evil Corp, a cyber crime group against which the US has issued sanctions and indictments, but which is operating in Russia with apparent impunity.

While there are greater concerns over Russian hackers and their capabilities to disrupt victim organisations, they are not the only concern. Chainalysis has also reported that cyber security analysts at Crowdstrike have concluded that many ransomware attacks are also affiliated with Iran, mostly targeting organisations in the US, the EU, and Israel and configured to conceal espionage activity.

Chainalysis:    TechHQ:    BBC:     Business Insider:     TEISS:   CyberNews:  
