Russian cybercriminals are likely responsible for roughly 74% of revenue generated from ransomware attacks last year, the latest research by blockchain security analytics firm Chainalysis revealed Monday.
According to the report, more than $400 million worth of cryptocurrency payments went to addresses that are “highly likely to be affiliated with Russia in some way.” In addition, most of the illicit funds were laundered through crypto companies essentially catering to Russian users.
The firm based its findings on three key features: whether a strain's ransomware code is written in a way that prevents it from attacking former Soviet countries, whether the strain has characteristics such as documents written in the Russian language, and whether the attack was conducted by Evil Corp., a Russia-based cybercriminal group.
“A huge amount of cryptocurrency-based money laundering, not just of ransomware funds but of funds associated with other forms of cybercrime as well, goes through services with substantial operations in Russia,” Chainalysis further determined, revealing that an estimated 13% of funds sent from ransomware addresses to services went to users living in Russia.
The firm noted that it is tracking several crypto-related businesses operating in Russia’s capital, Moscow. The businesses are believed to receive hundreds of millions of dollars' worth of cryptocurrency per quarter, with anywhere from 29% to 48% obtained from “illicit and risky” addresses.
Chainalysis’ blog post revealed some of the Moscow-based companies that have likely obtained crypto-related funds via money laundering, including Eggchange, Suex, and Bitzlato. Suex is an over-the-counter crypto exchange that became the first crypto firm sanctioned by the US.
While the Russian government has long denied its association with cybercriminals, it recently took several measures to combat illicit financing and money laundering. Not long ago, Russian officials dismantled the ransomware group REvil by arresting 14 people affiliated with the group.
In 2021, the US government seized more than $2 million from DarkSide, a Russia-based ransomware organization that was responsible for the Colonial Pipeline cyberattack last year.