Three Quarters Of Ransomware Payments Go To Russian Hackers

Roughly 74 percent of all ransomware revenue in 2021 was sent to Russian-linked cyber-criminals, Chainalysis research has discovered

The sheer scale of cyber crimes attributable to Russian-linked hackers has been revealed in new research from Chainalysis.

In a blog post, Chainalysis revealed that “roughly 74 percent of ransomware revenue in 2021 – over $400 million worth of cryptocurrency – went to strains we can say are highly likely to be affiliated with Russia in some way.”

It comes after the same security specialist last month revealed that North Korean hackers stole nearly $400 million (£292m) in cryptocurrencies last year, mainly from investment firms and centralised exchanges.


Russian hackers

Chainalysis was able to follow the flow of ransomware payments to and from the digital wallets of known hacking groups using public blockchain transaction records.

This revealed that after ransomware attacks take place, most of the extorted funds are laundered through services primarily catering to Russian users.


They can identify Russian hackers and cybercriminals, as these typically display the following criteria.

  • Firstly, the gang is linked to Evil Corp, the notorious Russian-linked cybercrime group.
  • Secondly, the ransomware code across multiple strains is written to prevent the encryption of files if it detects the victim’s operating system is located in Russia or a CIS country (former Russian-speaking countries of the Soviet Union).
  • The third and final identifying criterion is that the gang operates in Russian, on Russian-speaking forums.

Chainalysis pointed out that Russia is a leading country in cryptocurrency adoption, placing 18th overall on its Global Crypto Adoption Index.

“But the story of Russia’s cryptocurrency usage isn’t entirely positive,” the firm warned. “Individuals and groups based in Russia – some of whom have been sanctioned by the United States in recent years – account for a disproportionate share of activity in several forms of cryptocurrency-based crime.”

“Russia has long been home to some of the most skilled hackers in the world,” it added. “According to cybersecurity investigators like Brian Krebs, this is largely due to the country’s excellence in computer science education, combined with low economic prospects even for those who are skilled in the field.”

“Given this background, it may not be surprising that Russia leads the way in ransomware,” Chainalysis said. “But the degree to which Russia-based ransomware strains dominate is quite shocking.”

“An estimated 13 percent of funds sent from ransomware addresses to services went to users estimated to be in Russia, more than any other region,” said Chainalysis.

“That brings us to another point: A huge amount of cryptocurrency-based money laundering, not just of ransomware funds but of funds associated with other forms of cybercrime as well, goes through services with substantial operations in Russia.”

Russian denials

Russia has long denied it harbours criminal hacking gangs, despite Western governments regularly identifying the country as housing the attackers.

Last October the head of the National Cyber Security Centre (NCSC), Lindy Cameron, made clear that Russia remained the UK’s most acute cyber threat.

Prior to that, in May 2021, then-British Foreign Secretary Dominic Raab warned Russia that it cannot continue to shelter criminal gangs carrying out ransomware attacks on Western nations.