skip to Main Content
bitcoin
Bitcoin (BTC) $ 98,715.45 1.20%
ethereum
Ethereum (ETH) $ 3,385.34 7.66%
tether
Tether (USDT) $ 1.00 0.16%
solana
Solana (SOL) $ 260.60 8.19%
bnb
BNB (BNB) $ 634.42 3.46%
xrp
XRP (XRP) $ 1.39 23.45%
dogecoin
Dogecoin (DOGE) $ 0.396037 1.57%
usd-coin
USDC (USDC) $ 0.999238 0.17%
staked-ether
Lido Staked Ether (STETH) $ 3,384.80 7.75%
cardano
Cardano (ADA) $ 0.885571 11.17%

Report: 74% of stolen funds from ransomware attacks went to Russian-affiliated wallet addresses in 2021

Russian hackers allegedly netted a profit of more than $400 million through crypto-ransomware in 2021.

159 Total views

2 Total shares

Report: 74% of stolen funds from ransomware attacks went to Russian-affiliated wallet addresses in 2021

According to a new report published by blockchain analytics firm Chainalysis on Monday, approximately 74%, or over $400 million USD, of ransomware revenue last year were funneled into high-risk wallet addresses that are likely to have been based in Russia. The report analyzed ransomware hacks throughout 2021 and determined their affiliation to Russia through three key characteristics:

  1. Traces of Russia-based cybercriminal organization Evil Corp being behind a given breach; the group has alleged ties to the Russian government.
  2. Ransomeware programmed only against victims of non-former-Soviet countries.
  3. Ransomware strains that share documents and announcements in the Russian language.

In addition to the selection criteria, it appears that web traffic data confirms the vast majority of extorted funds are laundered through Russia. Another 13% of funds sent from ransomware addresses to services went to users who were likely in Russia — more than any other region. Such ransomware strains typically infect a user’s computer via a program exploit, or when downloading unknown files, etc. They then encrypt the victim’s files and demand payment through, most often, Bitcoin (BTC) or Monero (XMR) to a wallet address to make the files accessible.

One famous case occurred last year when Russia-based hacking entity Darkside, through exploiting a single leaked password, infected the computer systems of Colonial Pipeline. As a result, the pipeline’s operators were forced to pay over $4 million in crypto ransom — of which $2.3 million was recovered — to regain access to their encrypted files, but not before causing a brief fuel crisis during the ordeal.

Russian ransomware encryption hack | Source: Reuters

Loading data ...
Comparison
View chart compare
View table compare
Back To Top