Disguised as ransomware, 74% of stolen funds were discovered to have gone into accounts owned by Russians in 2021. According to a new report from Chainalysis, a blockchain analysis software company, Russia has always been recognized as the hub for hackers.
Per the report, approximately $400 million worth of cryptocurrency in form of ransomware was stolen last year. Cybersecurity detective, Brain Krebs attributes Russia’s participation in this to the impeccable level of computer knowledge in the country and the low financial prospects both for skilled and unskilled workers.
Russia was not just indicted for the hack but because of some characteristics that were related to the country. The report listed some of these factors or peculiarities that made Russia a prime suspect.
The activities of the hackers were similar to that of Evil Corp, an organization in Russia known for its dealings with ransomware. The administration of this group is speculated to be connected to the Russian government.
Russia is a Commonwealth of Independent State (CIS)-avoiding country. The Commonwealth of Independent States (CIS) is an institution involving the government of several countries known to formerly belong to the Soviet Union. These countries speak Russian as their official language.
Users located in CIS countries rarely have their systems hacked because when the hackers detect their CIS location, they tend to avoid them. The operating system (OS) in the computers of these users has an encryption structure that prevents ransomware from attacking.
Russia is not the only nation perceived to have CIS-avoiding hackers, therefore, there is a possibility that the hackers may be located in any of the other countries. It was also noticed that the ransomware strain shares documents and information in the Russian language. Their affiliates are also largely believed to be residents in Russia.
Proliferation of Ransomware Attacks
Ransomware attacks seem to be spreading like wildfire, especially in North America. Crypto users in North America transferred cryptocurrency worth $131 million to hackers that dealt in ransomware between July 2020 and June 2021.
The malware was noted to be either Egregor, NetWalker, Phoenix Cryptolocker, or Doppelpaymer. These are all ransomware linked with cybercrime groups in Russia. A huge percentage of these redirected funds are used to promote insurgencies.
Missile programs in North Korea were reportedly getting funded from cryptocurrencies stolen through cyber attacks. However, no absolute conclusion has been made to determine if Russia is solidly involved in the allegations or claims put forward by the Chainalysis report.