Russia (BBC) – February 15, 2022. 10:11
$400M in Cryptocurrency Ransom Payments Goes to Russia
- Russia announced last month that it had dismantled a ransomware group at the request of the United States.
- A major international operation was launched in 2021 to stop ransomware hackers.
A new analysis indicates that 74 percent of ransom money obtained through cyberattacks in 2021 went to hackers linked to Russia.
Researchers say more than $400 million in cryptocurrency payments went to groups “highly likely to be affiliated with Russia”.
Russia denies the charge of harboring cybercriminals.
The researchers also say that “a massive amount of crypto-based money laundering” goes through Russian crypto firms.
Chainalysis, which conducted the research, said it was able to track the flow of funds to and from the digital wallets of known hacking groups using public blockchain transaction records.
Analysts say they can identify Russian hacking groups because they exhibit certain distinguishing characteristics, for example:
- Their ransomware code is written so that it avoids damaging files if it detects that the victim's computer is in Russia or a CIS country.
- The gang operates in Russian on Russian-speaking forums.
- The gang is linked to Evil Corp, a cybercrime group wanted by the United States.
This research is further evidence that many cybercriminal groups operate either in Russia or in the surrounding Commonwealth of Independent States (CIS), an intergovernmental organization of Russian-speaking former Soviet states.
The report looks only at the flow of money to the leaders of cybercrime gangs, many of whom run affiliate operations, primarily renting out tools for launching attacks to others, so it is not known where the hackers working for the big gangs come from.
A major international operation was launched in 2021 to stop ransomware hackers, after a number of high-profile and devastating attacks, for example on Ireland's health services and a US oil pipeline.
Hackers were arrested in Romania, Ukraine, South Korea and Kuwait.
The United States has also succeeded in recovering millions of dollars from the digital wallets of many ransomware criminals.
Russia has denied for years that it harbors hackers.
Russian President Vladimir Putin told reporters at his 2021 summit with US President Joe Biden that his intelligence shows that “Russia is not included in the ranking of countries experiencing the largest number of cyberattacks from its territory.”
But last month, Russian authorities announced that they had dismantled a ransomware group called REvil at the request of the United States.
The operation was an extremely rare case of US-Russia cooperation on cybercrime.
The Chainalysis report highlighted that 9.9 percent of all known ransomware proceeds go to Evil Corp, a cybercrime group that has been sanctioned and indicted by the United States but operates in Russia with apparent impunity.
A BBC investigation in November found that Igor Turashev, one of the accused leaders at Evil Corp, runs several companies outside Union Tower in Moscow.
One of Russia’s most prestigious addresses, the tower is home to prominent businesses and multi-million dollar apartments.
Chainalysis claims that several crypto companies located in the tower were used by hackers to launder illicit money, converting cryptocurrency held at digital wallet addresses into regular money.
In any given quarter, the researchers say, “illegal and risky account addresses account for between 29 and 48 percent of all funds received by cryptocurrency companies in the city of Moscow.”