Russian-Speaking Groups Responsible for Majority of Crypto Ransomware Attacks in 2023: TRM Labs

Russian-speaking ransomware groups were responsible for at least 69% of all crypto revenues from ransomware in 2023.

In 2023, Russian-language darknet markets accounted for 95% of all cryptocurrency-denominated illicit drug sales on the dark web.

Despite restrictions imposed due to the war in Ukraine, 82 percent of cryptocurrency inflows to Russia-based exchange Garantex came from sanctioned entities.

Ransomware, drug dealing and the illicit use of cryptocurrencies for sanctions evasion were common in Russia in 2023, according to a report published Thursday by TRM Labs.

Russian-language ransomware groups were responsible for at least 69% of all crypto revenues from ransomware in 2023, exceeding $500 million. Ransomware is a type of malware that prevents a user from accessing a device until a price is paid.

The two biggest ransomware operators in 2023 were Lockbit and ALPHV/Black Cat, both Russian-speaking groups. However, in February, the UK’s National Crime Agency said it had managed to take control of Lockbit’s services, “putting their entire criminal enterprise at risk,” according to an article at the time.

The report noted that in 2023, the Russian exchange Garantex accounted for 82% of the cryptocurrency volume coming from internationally sanctioned entities.

Russia’s war on Ukraine has seen countries around the world impose sanctions on the country, leading some to turn to crypto to evade sanctions. Last year, the US sanctions watchdog, the Office of Foreign Assets Control (OFAC), blacklisted a bitcoin and ether address linked to sanctions evasion. Additionally, US federal prosecutors alleged in 2022 that five Russian citizens laundered millions of dollars’ worth of cryptocurrency.

The report noted that 95% of all cryptocurrency-denominated illicit drug sales on the dark web in 2023 were made up of Russian-language dark web markets.

“Russian-speaking threat actors are unique in the breadth of their malicious activities,” the report said.

But North Korea remains the world’s hacking superpower, responsible for stealing nearly $1 billion worth of cryptocurrencies in 2023, according to the report.

Leave a Reply

Your email address will not be published. Required fields are marked *