74% of ransomware attacks’ money went to Russian-affiliated wallet addresses in 2021


By MYBRANDBOOK


74% of ransomware attacks’ money went to Russian-affiliated wallet addresses in 2021

According to a new report published by Chainalysis, approximately 74%, or over $400 million USD, of ransomware revenue last year were funneled into high-risk wallet addresses that are likely to have been based in Russia. The report analyzed ransomware hacks throughout 2021 and determined their affiliation to Russia through three key characteristics:

 

Traces of Russia-based cybercriminal organization Evil Corp being behind a given breach; the group has alleged ties to the Russian government.

Ransomeware programmed only against victims of non-former-Soviet countries.

Ransomware strains that share documents and announcements in the Russian language.

 

In addition to the selection criteria, it appears that web traffic data confirms the vast majority of extorted funds are laundered through Russia. Another 13% of funds sent from ransomware addresses to services went to users who were likely in Russia — more than any other region. Such ransomware strains typically infect a user's computer via a program exploit, or when downloading unknown files, etc. They then encrypt the victim's files and demand payment through, most often, Bitcoin (BTC) or Monero (XMR) to a wallet address to make the files accessible.

 

One famous case occurred last year when Russia-based hacking entity Darkside, through exploiting a single leaked password, infected the computer systems of Colonial Pipeline. As a result, the pipeline's operators were forced to pay over $4 million in crypto ransom — of which $2.3 million was recovered — to regain access to their encrypted files, but not before causing a brief fuel crisis during the ordeal.

 E-Magazine 
 VIDEOS  Placeholder image

Copyright www.mybrandbook.co.in @1999-2024 - All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of Kalinga Digital Media Pvt. Ltd. is prohibited.
Other Initiatives : www.varindia.com | www.spoindia.org