According to a new report published by blockchain analytics firm Chainalysis on Monday, approximately 74%, or over $400 million USD, of ransomware revenue last year was funneled into high-risk wallet addresses that are likely based in Russia. The report analyzed ransomware attacks throughout 2021 and attributed them to Russia through three key characteristics:

  • Traces of Russia-based cybercriminal organization Evil Corp being behind a given breach; the group has alleged ties to the Russian government.
  • Ransomware programmed to target only victims outside former-Soviet countries.
  • Ransomware strains that share documents and announcements in the Russian language.
In addition to the selection criteria, web traffic data appears to confirm that the vast majority of extorted funds are laundered through Russia. Another 13% of funds sent from ransomware addresses to services went to users who were likely in Russia — more than any other region. Such ransomware strains typically infect a user’s computer through a software exploit or when the user downloads and runs unknown files. They then encrypt the victim’s files and demand payment, most often in Bitcoin (BTC) or Monero (XMR), to a wallet address in exchange for making the files accessible again.

One famous case occurred last year when the Russia-based hacking group Darkside, by exploiting a single leaked password, infected the computer systems of Colonial Pipeline. The pipeline’s operators were forced to pay over $4 million in crypto ransom (of which $2.3 million was later recovered) to regain access to their encrypted files, and the shutdown caused a brief fuel crisis before service was restored.

Russian ransomware encryption hack | Source: Reuters