Wednesday, April 17, 2024

Three-quarters of cash from ransomware attacks went to hackers linked to Russia, research indicates

New analysis suggests that 74% of all money made through ransomware attacks in 2021 went to Russia-linked hackers, the BBC reports.

Researchers say more than $400 million worth of crypto-currency payments went to groups “highly likely to be affiliated with Russia.”

Russia has denied accusations that it is harbouring cyber-criminals.

Researchers also claim “a huge amount of crypto-currency-based money laundering” goes through Russian crypto-companies.

Chainalysis, which carried out the research, said it was able to follow the flow of money to and from the digital wallets of known hacking groups using public blockchain transaction records.

Analysts say they know which hacking groups are Russian because they display various characteristics, for example:

  • Their ransomware code is written to prevent it from damaging files if it detects that the victim’s computers are located in Russia or a Commonwealth of Independent States (CIS) country
  • The gang operates in Russian on Russian-speaking forums
  • The gang is linked to Evil Corp, an alleged cyber-crime group wanted by the U.S.

The research is further evidence that many cyber-criminal groups operate either in Russia or in the surrounding CIS, an intergovernmental organization of Russian-speaking, former Soviet countries.

However, the report only looks at the flow of money to cyber-criminal gang leaders, and many run affiliate operations – essentially renting out the tools needed to launch attacks to others – so it is not known where the individual hackers who work for the big gangs are from.

A major international operation was launched in 2021 to stop ransomware hackers, after many high-profile and disruptive attacks – for example, on Ireland’s health service and an oil pipeline in the U.S.

Alleged hackers were arrested in Romania, Ukraine, South Korea, and Kuwait. The U.S. has successfully retrieved millions of dollars from the digital wallets of ransomware criminals.

For years, Russia has denied that it was harbouring hackers.

Russian President Vladimir Putin told reporters at his 2021 summit with U.S. President Joe Biden that his own intelligence shows “Russia is not listed in this ranking of countries that see the most significant number of cyber-attacks from their territory.”

However, last month Russian authorities announced they had dismantled ransomware group REvil at the request of the U.S.

The operation is an extremely rare case of the U.S. and Russia collaborating on cyber-crime.

The Chainalysis report highlights that 9.9% of all known ransomware revenue is going to Evil Corp, a group that is operating in Russia with apparent impunity.

A BBC investigation in November found that Igor Turashev, one of the accused leaders of Evil Corp, is operating several businesses out of Moscow City’s Federation Tower.

The tower is one of Russia’s most prestigious addresses, home to prominent businesses and with apartments valued in the millions of dollars.

Chainalysis claims several crypto-currency companies based in the tower were used by hackers to launder illicit funds, converting crypto-currency held at digital wallet addresses into mainstream money.

“In any given quarter, the illicit and risky addresses account for between 29% and 48% of all funds received by Moscow City crypto-currency businesses,” researchers allege.

BIG Media