Report: 74% of stolen funds from ransomware attacks in 2021 went to wallet addresses linked to Russia

About 74 percent (more than $400 million) of ransomware revenue last year went to high-risk wallet addresses that may be located in Russia, according to a new report released Monday by blockchain analytics firm Chainalysis. The report analyzed ransomware hacks throughout 2021 and identified their ties to Russia by three key characteristics:

1. The traces left behind a particular intrusion by the Russian cybercriminal group Evil Corp; the group is said to have ties to the Russian government.

2. Ransomware targeting victims only in countries other than the former Soviet Union.

3. A ransomware virus that shares files and announcements in Russian.

Network traffic data appears to confirm that the vast majority of the extorted funds were laundered through Russia. Another 13% of funds sent to services from ransomware addresses went to users who were likely in Russia — more than in any other region. This type of ransomware usually infects users’ computers through program vulnerabilities or downloading unknown files. They then encrypt the victim’s file and ask to send Bitcoin or Monero (XMR) to a wallet address in order to open the file.

A well-known case occurred last year when the Russian hacking entity Darkside infected Colonial Pipeline’s computer systems by exploiting a leaked password. As a result, the pipeline operator was forced to pay a crypto ransom of more than $4 million — $2.3 million of which was recovered — to regain access to its encrypted files, but also sparked a brief gas crisis in the meantime.


Russian ransomware encryption hack | Source: Reuters

As a blockchain news information platform, Cointelegraph Chinese only represents the author’s personal views, has nothing to do with the position of Cointelegraph Chinese platform, and does not constitute any investment and financial advice. Readers are requested to establish correct currency concepts and investment concepts, and effectively improve risk awareness.

Posted by:CoinYuppie,Reprinted with attribution to:
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.

Like (0)
Donate Buy me a coffee Buy me a coffee
Previous 2022-02-14 22:19
Next 2022-02-14 22:24

Related articles