Ransomware is an extortion method that has been on the rise in recent years. A study by Chainalysis looks at Russia, where many of the criminal networks in this industry are affiliated. Let’s take a look at this information and the entire Russian crypto-crime scene.
Ransomware affiliated with Russia
In an excerpt from a report to be released this month on crypto-crime, Chainalysis tells us that a large portion of ransomware revenue, nearly 73%, is affiliated with Russia in some way.
According to their research criteria, this percentage of revenue falls into the following categories:
- 26.4% are from software avoiding the countries of the Commonwealth of Independent States (CIS), an intergovernmental organization of former USSR nations;
- 9.9 percent is linked to Evil Corp, a Russian cybercrime organization;
- 36.4% of revenue being classified as “other Russia connections”.
- Breakdown of ransomware revenue
Chainalysis relies on several elements in order to reach these conclusions, for example, it will look for whether the software used shares documents in Russian language. Or, if these same programs exclude from their attacks computers configured in Russian, like the Mars Stealer Trojan, which, although functioning differently, uses this feature.
The survey also reveals that the loot from these attacks amounts to $400 million over the year 2021, and unsurprisingly, the targets are mostly located in North America. Moreover, 13% of these extorted funds would flow directly from the addresses of these ransomware to Russia.
Moscow, a hub for money laundering
Far from being limited to ransomware, the Chainalysis study shows us that a large part of the revenue from crypto-crime in Russia passes through Moscow during the laundering process.
More specifically, these funds are channeled through cryptocurrency-related companies. Although these companies are not directly involved in illicit activities, a significant portion of the money inflow comes from criminal activities.
Over the period from the beginning of 2019 to the second quarter of 2021, the illicit funds received by Moscow cryptocurrency companies weigh $ 700 million, or 13% of transactions. Depending on the quarter studied, this can rise to 48%. Regarding the origin of this capital, almost 89% of it is generated by scams and trading on the darkweb.
Ironically, in a decentralized ecosystem, nearly half of the companies scrutinized by Chainalysis are said to operate from the Federation Tower, a double-skyscraper complex in the economic district, Moskva-City.
The unit statistics of each company of the studied panel are very disparate. For some, these disputed funds represent less than 10% of their overall volume, which gives the benefit of the doubt as to whether or not they were intentionally involved. But for other companies, they sometimes represent more than 30%, which on the contrary suggests that money laundering is knowingly carried out.
Of course, even if this entire industry represents a significant amount of money, it is still marginal compared to the total volume of our ecosystem. This is not to fall into the trap of saying that cryptocurrency is fueling crime. Cryptocurrency remains a tool that cannot be reduced to this use case, just as it would be absurd to say that a computer is dangerous because hackers use it.