Ransomware

Ransomware Dominated by Russian Threat Operations

Share

Sixty-nine percent of all cryptocurrency ransom payments in 2023, amounting to more than $500 million, were collected by Russia-based ransomware gangs, with LockBit, ALPHV/BlackCat, Black Basta, Cl0p, Play and Akira being the most dominant ransomware operations, reports BleepingComputer.

Meanwhile, illicit transactions on three of the leading Russian dark web markets totaled $1.4 billion last year, an increase from 2022, compared with only $100 million amassed by all of the Western dark web markets, which was lower than in 2022, a TRM Labs report showed. Money laundering efforts were also led by Russia, with most of the illegal cryptocurrency proceeds managed by Russian virtual currency exchange Garantex, which had been subjected to U.S. sanctions two years ago for its involvement in the laundering of Hyda dark web market proceeds, researchers found.

Additional analysis revealed that some of the laundered funds have been funneled by Russian threat actors toward purchases of military equipment, semiconductors, and other devices from sanctioned Chinese manufacturers.

Ransomware Dominated by Russian Threat Operations

Russia-based ransomware gangs LockBit, ALPHV/BlackCat, Black Basta, Cl0p, Play and Akira accounted for 69% of all cryptocurrency ransom payments in 2023.