According to a report by market analyst Chainalysis, most of the money from ransomware operations goes to Russia-linked destinations.
Speaking to the BBC, Chainalysis says that in 2021, 74% of all money taken through ransom demands went, in some way, to Russia-linked threat actors, the equivalent of more than $400 million worth of cryptocurrency.
Chainalysis also claims that “massive cryptocurrency-based money laundering” is being carried out by Russian cryptocurrency companies.
Most cryptocurrencies are easy to track. The blockchains involved are generally transparent, which means certain coins can be easily tracked over time. Also, certain cryptocurrency wallets can be freely tracked.
But it’s not just wallets and money that researchers watch. The BBC reports that the malware typically used in ransomware attacks shows unique features at the code level, such as preventing it from harming files on endpoints of companies located in Russia or other Russian-speaking countries.
Gangs distributing ransomware often appear on Russian-speaking forums and are often linked to Evil Corp, a threat group wanted by the US which, according to Chainalysis, takes almost 10% of all ransomware revenues.
The problem with this way of thinking, as the BBC pointed out, is that many ransomware threat actors operate on a ransomware-as-a-service (RaaS) model, offering their ransomware to anyone willing to pay.
Russia denies accusations of facilitating cybercrime. In support of this, it readily points to the elimination of the REvil ransomware operators, which took place at the request of the USA.
Still, as the BBC adds, Igor Turashev, said to be one of the leaders of Evil Corp, runs multiple businesses from Moscow City’s Federation Tower, one of the country’s “most prestigious” addresses.
Chainalysis concludes that “In any given quarter, illegal and risky addresses account for 29% to 48% of all funds received by Moscow City cryptocurrency businesses”…