According to a report published on Monday (February 14) by blockchain analytics firm Chainalysis, more than 74% of ransomware revenue last year (roughly $400 million) was routed through high-risk wallet addresses linked to entities based in Russia. The analysis looked at ransomware attacks in 2021 and judged whether a strain was linked to Russia based on three key characteristics:
- Affiliation with Evil Corp, a Russian cybercriminal gang with ties to the Russian government.
- The strain is programmed not to attack victims in former Soviet countries.
- The strain's operators share documents and announcements in Russian.
In addition to the above criteria, internet traffic data suggests that the majority of extortion proceeds are laundered through Russia. Another 13% of funds sent from ransomware addresses to services went to users likely based in Russia, more than in any other region.
Ransomware usually gets onto a victim's computer through a software vulnerability, by tricking the user into downloading and running an unknown file, or through similar vectors.
It then encrypts the victim's files and demands payment in cryptocurrency, most often Bitcoin (BTC) or Monero (XMR), to a wallet address named in the ransom note, in exchange for the key that makes the files accessible again.
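The wallet address in the ransom note is the artifact that ties an infection to the payment flows Chainalysis analyses, so responders routinely pull addresses out of recovered notes before any payment decision is made. The following added example (not code from the original article or from Chainalysis) extracts candidate Bitcoin and Monero addresses from a note and verifies the Base58Check checksum of legacy Bitcoin addresses, which weeds out mangled strings and "reference ids" that merely look like addresses; bech32 and Monero candidates are only checked syntactically here. The ransom note and the Monero-like string are constructed for the example; the Bitcoin addresses are the public genesis-block address and the BIP173 mainnet test vector.

```python
"""Extract and sanity-check cryptocurrency payment addresses found in a ransom note."""
import hashlib
import re

# Base58 alphabet shared by Bitcoin legacy/P2SH addresses and Monero (no 0, O, I, l).
_B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Candidate patterns. Character classes mirror the Base58 and bech32 alphabets so that
# ordinary words and hex strings are not picked up.
_PATTERNS = {
    # Legacy P2PKH ('1...') and P2SH ('3...'): 26-35 chars, Base58Check encoded.
    "btc_base58": re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b"),
    # SegWit bech32 ('bc1...'): 42 chars (P2WPKH) or 62 chars (P2WSH/Taproot).
    "btc_bech32": re.compile(r"\bbc1[02-9ac-hj-np-z]{39,59}\b"),
    # Monero standard/subaddress (95 chars, '4'/'8') or integrated address (106 chars).
    "xmr": re.compile(r"\b[48][1-9A-HJ-NP-Za-km-z]{94}(?:[1-9A-HJ-NP-Za-km-z]{11})?\b"),
}


def _b58decode(s: str) -> bytes:
    """Decode a Base58 string to bytes; raises ValueError on characters outside the alphabet."""
    n = 0
    for ch in s:
        n = n * 58 + _B58.index(ch)  # ValueError if ch is not Base58
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    # Each leading '1' encodes one leading zero byte that the big-integer form drops.
    leading_zeros = len(s) - len(s.lstrip("1"))
    return b"\x00" * leading_zeros + body


def btc_base58check_valid(addr: str) -> bool:
    """True if addr decodes to version || hash160 || checksum with a correct double-SHA256 checksum."""
    try:
        raw = _b58decode(addr)
    except ValueError:
        return False
    if len(raw) != 25:  # 1 version byte + 20-byte hash + 4-byte checksum
        return False
    payload, checksum = raw[:-4], raw[-4:]
    expected = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    return expected == checksum


def extract_payment_addresses(text: str) -> list:
    """Return [{'kind', 'address', 'status'}] for every address-like token in text."""
    found = []
    for kind, pat in _PATTERNS.items():
        for m in pat.finditer(text):
            addr = m.group(0)
            if kind == "btc_base58":
                status = "checksum_ok" if btc_base58check_valid(addr) else "checksum_bad"
            else:
                status = "syntax_only"  # bech32 / Monero checksums are not verified here
            found.append({"kind": kind, "address": addr, "status": status})
    return found


# Constructed sample inputs for the example (assumptions, not data from the article).
XMR_SAMPLE = "4" + ("BJ7eKs9p2" * 11)[:94]  # 95-char Base58 string shaped like a Monero address
RANSOM_NOTE = f"""
!!! YOUR FILES HAVE BEEN ENCRYPTED !!!
To recover them send 0.5 BTC to 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa
or to bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4 (SegWit accepted).
Monero accepted: {XMR_SAMPLE}
Do not try to decrypt yourself. Reference id: 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb
"""

if __name__ == "__main__":
    for hit in extract_payment_addresses(RANSOM_NOTE):
        print(f"{hit['kind']:<11} {hit['status']:<13} {hit['address']}")
```

The "Reference id" line differs from the real address by one character and fails the checksum, which is exactly the kind of false positive a regex-only extractor would hand to an analyst or a blockchain lookup. Addresses that pass should still be treated as indicators, not as proof of a particular gang: attribution comes from clustering the address with other on-chain activity, which is the work the Chainalysis report describes.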
Last year, the Russian-speaking ransomware group DarkSide broke into Colonial Pipeline's network using a single stolen password. The pipeline operator paid a crypto ransom of more than $4 million (of which about $2.3 million was later recovered by the U.S. Department of Justice) to regain access to its encrypted files, but not before the shutdown caused a temporary fuel shortage.
Image: Russian ransomware encryption | Source: Reuters