Russian-speaking risk actors dominate the ransomware landscape, a new report reveals. At least 69% of all crypto profits from ransomware attacks in 2023 went to those gangs, totaling $500 million.
Threat intelligence and blockchain analysts at TRM Labs have revealed how Russian-speaking cybercriminals are involved in everything from ransomware and dark internet marketplaces to illicit cryptocurrency exchanges. In a recently published report, researchers reveal the true extent of Russian speakers’ existing influence in cybercrime.
While it turns out that North Korea is the king of hacking, with TRM noting that it has “stolen nearly $1 billion in cryptocurrency in 2023,” it is Russia that dominates the ransomware sector. Russian-speaking risk actors are “unique in the scope of their malicious activities,” TRM said. Many of these criminals are known to operate from Russia, some have ties to the Kremlin through Russian military intelligence groups, and some “actively cryptography to acquire foreign devices for the Russian war effort,” according to the analysis.
According to TRM Labs, the main topics of interest are ransomware, new dark markets, and anti-sanctions crypto exchanges.
When it comes to ransomware, the researchers said that just two computers, both Russian-speaking, account for $320 million in attack profits in 2023: Lockbit and ALPHV/Blackcat. It should be noted that any of those pieces of equipment have been subject to close surveillance by foreign authorities, leading to the absolute shutdown of ALPHV and Lockbit facing severe disruptions to infrastructure. That said, the gaps created by such disruptions are traditionally temporarily filled with new actors. Other teams with ties to Russia include Akira, Black Basta, Clop and Play.
When it comes to darknet markets, specifically when it comes to the sale of illicit drugs, Russian-speaking risk actors exercise almost general control. TRM reports that “95% of all encrypted illicit drug sales on the dark web in 2023” were made through such groups. The most populous drug trading network in 2024 is the Kraken Market, and the 3 largest Russian-speaking markets processed a total of $1. 4 billion in cryptocurrency exchanges in 2023. To put that into perspective, TRM has stated that the entire Western darknet market processed no more than $100 million during the same period.
And then there are the cryptocurrency exchanges that circumvent sanctions and are used to evade economic measures imposed through the West on Russian interests. TRM’s report highlights one such exchange, Garantex, sanctioned through the Office of Foreign Assets Control, a U. S. Treasury Department firm. Garantex accounted for 82% of crypto exchanges worldwide as sanctioned entities in 2023, analysts at TRM. overdraft. TRM Labs’ detective work revealed that some of this cryptocurrency was sent to “sanctioned Chinese brands to acquire military apparatus and critical parts used by Russian forces in Ukraine. “
Dismantling Russian-speaking criminals is a complicated and time-consuming task, but not insurmountable, as arrests through foreign law enforcement agencies have shown. Blockchain intelligence analysis, such as that provided through TRM to government agencies and monetary institutions, has become a necessity. -Have a tool to allow those withdrawals to take effect.
A community. Many voices. Create a free account to share your thoughts.
Our network aims to connect others through open and thoughtful conversations. We need our readers to share their perspectives and exchange ideas and facts in one space.
To do this, please comply with the posting regulations in our site’s terms of use. Below we summarize some of those key regulations. In short, civilized.
Your message will be rejected if we notice that it appears to contain:
User accounts will be blocked if we become aware that users are participating in:
So, how can you be a user?
Thank you for reading our Community Guidelines. Please read the full list of posting regulations discovered in our site’s Terms of Use.