New analysis suggests that 74% of all money made through ransomware attacks in 2021 went to Russia-linked hackers, the BBC reports.
Researchers say more than $400 million worth of crypto-currency payments went to groups “highly likely to be affiliated with Russia.”
Russia has denied accusations that it is harbouring cyber-criminals.
Researchers also claim “a huge amount of crypto-currency-based money laundering” goes through Russian crypto-companies.
Chainalysis, which carried out the research, said it was able to follow the flow of money to and from the digital wallets of known hacking groups using public blockchain transaction records.
Analysts say they know which hacking groups are Russian because they display various characteristics, for example:
- Their ransomware code is written to prevent it from damaging files if it detects the victim’s computers are located in Russia or Commonwealth of Independent States (CIS) country
- The gang operates in Russian on Russian-speaking forums
- The gang is linked to Evil Corp, an alleged cyber-crime group wanted by the U.S.
The research is further evidence that many cyber-criminal groups operate either in Russia or in the surrounding CIS, an intergovernmental organization of Russian-speaking, former Soviet countries.
However, the report only looks at the flow of money to cyber-criminal gang leaders, and many run affiliate operations – essentially renting out the tools needed to launch attacks to others – so it is not known where the individual hackers who work for the big gangs are from.
A major international operation was launched in 2021 to stop ransomware hackers, after many high-profile and disruptive attacks – for example, on Ireland’s health service and an oil pipeline in the U.S.
Alleged hackers were arrested in Romania, Ukraine, South Korea, and Kuwait. The U.S. has successfully retrieved millions of dollars from the digital wallets of ransomware criminals.
For years, Russia has denied that it was harbouring hackers.
Russian President Vladimir Putin told reporters at his 2021 summit with U.S. President Joe Biden that his own intelligence shows “Russia is not listed in this ranking of countries that see the most significant number of cyber-attacks from their territory.”
However, last month Russian authorities announced they had dismantled ransomware group REvil at the request of the U.S.
The operation is an extremely rare case of the U.S. and Russia collaborating on cyber-crime.
In the Chainalysis report, it is highlighted that 9.9% of all known ransomware revenue is going to Evil Corp., a group that is operating in Russia with apparent impunity.
A BBC investigation in November found that Igor Turashev, one of the accused leaders of Evil Corp, is operating several businesses out of Moscow City’s Federation Tower.
The tower is one of Russia’s most prestigious addresses, home to prominent businesses and with apartments valued in the millions of dollars.
Chainalysis claims several crypto-currency companies based in the tower were used by hackers to launder illicit funds, turning crypto-currency from digital wallet addresses to mainstream money.
“In any given quarter, the illicit and risky addresses account for between 29% and 48% of all funds received by Moscow City crypto-currency businesses,” researchers allege.