Report: 74% of stolen funds from ransomware attacks went to Russian-affiliated wallet addresses in 2021

Published at: Feb. 14, 2022

According to a new report published by blockchain analytics firm Chainalysis on Monday, approximately 74%, or over $400 million USD, of ransomware revenue last year was funneled into high-risk wallet addresses that are likely based in Russia. The report analyzed ransomware attacks throughout 2021 and determined a strain's affiliation with Russia through three key characteristics:

1. Evidence that the Russia-based cybercriminal organization Evil Corp, which has alleged ties to the Russian government, was behind a given breach.
2. Ransomware programmed to avoid infecting victims in former Soviet countries, attacking only targets outside that region.
3. Ransomware strains whose documents and announcements are written in Russian.

Beyond the selection criteria, the report states that web traffic data points to the vast majority of extorted funds being laundered through Russia. Another 13% of funds sent from ransomware addresses to services went to users who were likely in Russia, more than any other region. Such ransomware strains typically infect a computer by exploiting a software vulnerability or by tricking the user into opening an untrusted download or attachment. They then encrypt the victim's files and demand payment, most often in Bitcoin (BTC) or Monero (XMR), to a wallet address in exchange for the key that makes the files accessible again.
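The article's figures rest on tracing funds from known ransom payment addresses through intermediate wallets until they land at a labelled service, then measuring what share of the tainted value ends up in each region. The following is an added example, not Chainalysis's methodology or code: it replays a constructed ledger (all addresses, amounts and region labels are made up) using a proportional "haircut" taint rule, where each spend carries the same tainted fraction as the spender's cumulative inflows. It works at address level rather than UTXO level, which is a simplification of real chain analysis.

```python
"""
Proportional ("haircut") taint tracing over a constructed transaction ledger.
Added illustration; address-level accounting is an assumption of this example.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    tx_id: str
    src: str
    dst: str
    amount: float  # BTC; constructed values, not real chain data


# Constructed ledger in chronological order. Addresses are hypothetical.
LEDGER = [
    Tx("t1", "victim_A", "ransom_1", 10.0),     # ransom payment
    Tx("t2", "victim_B", "ransom_2", 5.0),      # ransom payment
    Tx("t3", "ransom_1", "hop_1", 10.0),        # move to an intermediate wallet
    Tx("t4", "clean_src", "hop_1", 10.0),       # hop_1 also receives unrelated funds
    Tx("t5", "hop_1", "svc_ru_exchange", 12.0), # cash-out at a service deposit address
    Tx("t6", "hop_1", "svc_eu_exchange", 8.0),
    Tx("t7", "ransom_2", "svc_ru_exchange", 5.0),
]

SEEDS = {"ransom_1", "ransom_2"}  # hypothetical known ransom payment addresses

SERVICE_REGION = {  # hypothetical labelled service deposit addresses
    "svc_ru_exchange": "RU",
    "svc_eu_exchange": "EU",
}


def trace_taint(ledger, seeds):
    """Replay the ledger; return {address: (total_received, tainted_received)}.

    Haircut rule: a spend is tainted in the same proportion as the spender's
    cumulative inflows. Seed addresses spend 100% tainted funds. An address
    with no recorded inflows (e.g. coinbase or out-of-scope source) is clean.
    """
    received = defaultdict(float)
    tainted = defaultdict(float)
    for tx in ledger:
        if tx.src in seeds:
            frac = 1.0
        elif received[tx.src] > 0:
            frac = tainted[tx.src] / received[tx.src]
        else:
            frac = 0.0
        received[tx.dst] += tx.amount
        tainted[tx.dst] += tx.amount * frac
    return {addr: (received[addr], tainted[addr]) for addr in received}


def tainted_by_region(ledger, seeds, service_region):
    """Sum the tainted value that reached labelled services, grouped by region."""
    state = trace_taint(ledger, seeds)
    by_region = defaultdict(float)
    for addr, region in service_region.items():
        if addr in state:
            by_region[region] += state[addr][1]
    return dict(by_region)


def region_shares(ledger, seeds, service_region):
    """Fraction of all traced tainted funds that landed in each region."""
    totals = tainted_by_region(ledger, seeds, service_region)
    grand = sum(totals.values())
    return {region: value / grand for region, value in totals.items()} if grand else {}


if __name__ == "__main__":
    for region, share in sorted(region_shares(LEDGER, SEEDS, SERVICE_REGION).items()):
        print(f"{region}: {share:.1%} of traced ransomware funds")
```

Two caveats a practitioner should keep in mind: the haircut rule is one of several attribution conventions (FIFO and "poison" rules give different numbers for the same ledger, and mixers or chain-hopping deliberately break all of them), and nothing like this applies to Monero, whose transaction graph is not publicly traceable in the way Bitcoin's is.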

One famous case occurred last year when the Russia-based hacking group DarkSide gained access to Colonial Pipeline's computer systems through a single leaked password and encrypted them. The pipeline's operators paid over $4 million in crypto ransom to regain access to their files (of which $2.3 million was later recovered by U.S. authorities), but not before the shutdown caused a brief fuel shortage on the U.S. East Coast.

Russian ransomware encryption hack | Source: Reuters
