DeFi
Russian-speaking hackers dominate ransomware attacks, TRM study finds – DL News
- According to TRM, Russian-speaking threat actors dominated ransomware crimes in 2023.
- They extorted more than $500 million from victims last year.
Russian-speaking groups accounted for nearly 70% of all crypto revenue from ransomware attacks in 2023, extorting more than $500 million, according to New search by TRM Labs.
Ransomware is a type of malware that encrypts a victim’s files or data, making them inaccessible. The attacker then demands a ransom, usually in cryptocurrency, in exchange for the decryption key.
“Many of these actors are known to operate from Russia or have ties to the Kremlin,” according to TRM. “Some are even actively using cryptocurrencies to procure foreign equipment for the Russian war effort.”
North Korea is the world’s hacking superpower, responsible for stealing nearly $1 billion in cryptocurrencies in 2023, and Asia-based criminals appear to be the main culprits behind scams and investment fraud, the report said. Yet Russian-speaking threat actors are unique in their malicious ransomware activities.
Lockbit and ALPHV/Black Cat, the two largest operators in 2023 and both Russian-speaking, have together raised at least $320 million.
Ransomware groups sometimes sell their malware to affiliates or other malicious actors as part of a cybercrime business model called “ransomware as a service,” or RaaS.
This may involve a licensing agreement, a subscription service, a fixed fee, or profit sharing, all of which enable rapid distribution and increased attack frequency.
LockBit, a RaaS operator, was disturbed earlier this year by an international law enforcement operation, but he survived and his future remains uncertain, according to TRM.
Join the community to receive our latest stories and updates