Three-quarters of ransomware payments flowing to Russia
And up to 10 per cent of all ransomware payments globally are going to Russia-based Evil Corp
Cybercriminals linked to Russia accounted for 74 per cent of cryptocurrency payments generated through ransomware attacks last year, according to analysis by crypto analytics firm Chainalysis.
Using public blockchain transaction records, Chainalysis was able to track the movement of money to and from digital wallets belonging to known hacking groups. They discovered that more than $400 million worth of cryptocurrencies was sent to entities 'very likely' to be linked with Russia in some capacity last year.
Chainalysis has been monitoring a number of cryptocurrency firms in Moscow and found that they receive hundreds of millions of dollars' worth of cryptocurrency each quarter. The total reached approximately $1.2 billion in Q2'21.
Chainalysis uses three factors to evaluate if ransomware strains are linked to Russia:
- Indicators such as language and location
- Whether they avoid going after entities in former Soviet countries
- Whether they are linked to Evil Corp, a cybercrime organisation based in Russia
The company found that between 29 and 48 per cent of all cryptocurrency sent to addresses belonging to enterprises in Moscow City between 2019 and 2021 originated from 'illicit and risky' addresses.
During this period, the firms Chainalysis tracked received about $700 million worth of cryptocurrency from illicit addresses.
The recipients included:
- US-sanctioned over-the-counter exchange Suex
- Peer-to-peer exchange Bitzlato
- Eggchange, whose co-founder was reportedly detained by Russian authorities in November
Chainalysis is sure that these companies are involved in money laundering.
The analysis also revealed that Evil Corp receives nearly 10 per cent of all known ransomware payments, despite the fact that the US has sanctioned and indicted the suspected cybercrime organisation - which continues to operate within Russia with apparent impunity.
Ransomware assaults are not only destructive, but are constantly evolving to elude law enforcement and security upgrades.
The Russian hacking gang Conti was the largest and most active ransomware strain in 2021 in terms of income, followed by Darkside, which attacked Colonial Pipeline in May and demanded payment in Bitcoin (BTC).
According to Chainalysis, the average ransomware payment size (in cryptocurrency) increased from $88,000 in 2020 to $118,000 in 2021.
In December, the Acronis Cyberthreats Report 2022 warned that ransomware continues to be the number one threat to big and medium businesses. Acronis quoted Cybersecurity Ventures' prediction that the damages caused as a result of ransomware attacks will have exceeded $20 billion before the end of 2021.
Only 20 per cent of companies Acronis tracked reported not having been targeted in cyber attacks in 2021, compared to 32 per cent in 2020.
After a series of devastating attacks in the USA last year, the Biden administration has announced a series of initiatives to strengthen cyber defences in both the government and the private sector.
Last month, the White House released a new memo instructing federal agencies to officially move towards a zero trust approach to cyber security, to lower the risk of cyber attacks against the government's digital infrastructure.
In August, President Biden met with the heads of tech firms including Apple, Google and Microsoft to discuss how the public and private sectors can work together to improve the USA's critical infrastructure and supply chain cyber security.
The President appealed to business leaders to "raise the bar on cybersecurity," and take further steps to tackle the growing threat of cyber attacks to the US economy.