Russian hackers are raking in ransomware rewards


Most of the money made from ransomware operations ends up in the hands of Russian-speaking threat actors, a report from market analysts Chainalysis claims.

Speaking to the BBC, Chainalysis says 74% of all money stolen through ransom demands in 2021 went to threat actors linked to Russia in one way or another, equivalent to more than $400 million worth of cryptocurrencies.

What’s more, Chainalysis claims that “a huge amount of cryptocurrency-based money laundering” is being conducted by Russian cryptocurrency companies as well.

Refraining from attacking Russian-speaking businesses

Most cryptocurrencies are easy to track. Their respective blockchains (the technology underpinning the tokens, or coins) are usually transparent, meaning that specific coins can easily be tracked through time. Also, specific cryptocurrency wallets can be monitored freely. 

But it’s not just wallets and money that the researchers are tracking. The BBC also reported that the malware usually used in ransomware attacks displays distinctive characteristics, such as being prevented, at code level, from damaging the files of companies with endpoints located in Russia or other Russian-speaking countries.

The gangs that distribute the ransomware usually hang out on Russian-speaking forums, and they are often linked to Evil Corp, a threat actor group wanted by the US which, Chainalysis claims, takes almost 10% of all ransomware revenue.

The problem with this line of thinking, the BBC also adds, is that many of the ransomware threat actors operate on a Ransomware-as-a-Service (RaaS) model, offering their ransomware to whoever is willing to pay.

Russia, on the other hand, has denied the accusations of facilitating cyber-criminals. To that end, it pointed to its dismantling of the REvil ransomware operators, which it carried out at the request of the United States.

Still, one of Evil Corp’s alleged leaders, Igor Turashev, is running multiple businesses from Moscow City’s Federation Tower, one of the country’s “most prestigious” addresses, the BBC added. 

"In any given quarter, the illicit and risky addresses account for between 29% and 48% of all funds received by Moscow City crypto-currency businesses", Chainalysis concluded.

Sead Fadilpašić
