Toner News Mobile › Forums › Toner News Main Forums › Russian Ransomware Gangs Secure $500 Million in Cryptocurrency Payments.
- This topic is empty.
-
AuthorPosts
-
tonerKeymasterRussian Ransomware Gangs
Secure $500 Million in Cryptocurrency Payments.
A new report highlights the dominance of Russian-speaking cybercriminals in the ransomware sphere, revealing that these gangs collected an astonishing $500 million in cryptocurrency from ransomware attacks in 2023. This figure represents at least 69% of all ransomware-related crypto earnings for the year.TRM Labs, specialists in threat and blockchain intelligence, have uncovered the significant role Russian-speaking criminals play across various cybercrime activities, including ransomware, dark web marketplaces, and illicit cryptocurrency exchanges. Their latest findings illustrate the extent of Russian-speaking influence in the current cybercrime landscape.
North Korea Leads in Hacking, But Russia Commands Ransomware
Although North Korea is notable for its hacking prowess, with TRM Labs estimating it stole nearly $1 billion in cryptocurrency in 2023, Russia remains the dominant force in ransomware. Russian-speaking threat actors are distinguished by their wide-ranging malicious activities. Many of these criminals operate from within Russia, with some reportedly linked to Russian military intelligence and involved in using cryptocurrency to fund the Russian war effort.TRM Labs’ analysis points to ransomware, dark web marketplaces, and sanction-evading crypto exchanges as key areas of concern.Ransomware Revenue and Key Players
The report reveals that two major Russian-speaking ransomware groups, Lockbit and ALPHV/Blackcat, were responsible for generating $320 million in attack revenues in 2023. Both groups have faced intense international law enforcement pressure, with ALPHV being completely shut down and Lockbit experiencing significant infrastructure disruptions. However, history shows that such disruptions are often quickly filled by new actors. Other notable Russian-connected ransomware groups include Akira, Black Basta, Clop, and Play.Dark Web Marketplaces and Sanction-Busting Crypto Exchanges
Russian-speaking criminals have a near-monopoly on illicit drug sales on the dark web. According to TRM Labs, these groups were responsible for 95% of all cryptocurrency-based drug transactions in 2023. The Kraken Market emerged as a major player in 2024, while the top three Russian-speaking markets collectively handled $1.4 billion in crypto trades in 2023. In contrast, the entire Western dark web marketplace managed only about $100 million in the same period.The report also highlights the role of sanction-evading crypto exchanges like Garantex, which was sanctioned by the U.S. Office of Foreign Assets Control in April 2022. Garantex was found to account for 82% of crypto exchanges involving sanctioned entities globally in 2023. TRM Labs’ investigation revealed that some of this cryptocurrency was directed to sanctioned Chinese manufacturers to purchase military equipment and components for Russian forces in Ukraine.
While disrupting Russian-speaking cybercriminals poses significant challenges, it is not an insurmountable task. International law enforcement efforts, supported by blockchain intelligence from organizations like TRM Labs, have demonstrated their effectiveness in addressing these threats and continue to be a crucial tool in combatting cybercrime.
-
AuthorAugust 13, 2024 at 2:53 PM
- You must be logged in to reply to this topic.