Chainalysis has released a new report regarding blockchain investigations, finding that roughly three-quarters of ransomware revenue resulted from attacks associated with Russia in 2021. Chainalysis researchers determined that more than $400 million in cryptocurrency went to ransomware strains determined to be highly linked to Russia in some way. The connections were made based on three criteria, with the first being that the attack was conducted by the notorious Evil Corp gang, who is believed to have ties to the Russian government. The second is that the strain avoided countries in the Commonwealth of Independent States, an organization of former Soviet countries that speak Russian. According to Chainalysis, these ransomware strains contain code that prevents the encryption of files if it detects that the target’s operating system is located in one of these countries.
The last criteria was whether the ransomware strain possessed characteristics that indicated it was based in Russia, such as those that share documents or announcements in the Russian language or whose affiliates are located in Russia. In addition, the report reveals that most of the extorted funds that are the result of ransomware attacks are laundered via services catering to Russian users. It is estimated that 13% of ransomware addresses to services went to users located in Russia, far more than any other region. The report also included an analysis of several cryptocurrency businesses currently operating in Moscow City, claiming that the organizations are heavily involved in laundering digital currencies.
Read More: Three-Quarters of Ransomware Payments Linked to Russia
Read the Chainalysis Report Here: Russian Cybercriminals Drive Significant Ransomware and Cryptocurrency-based Money Laundering Activity