Ransomware is a method of extortion that has been on the rise in recent years. A study by Chainalysis looks at Russia, where many of the criminal networks in this industry are affiliated. Let’s take a look at this information and the Russian crypto-crime scene as a whole.
Ransomware affiliated with Russia
In an excerpt from a report to be released this month on crypto-crime, Chainalysis tells us that a large portion of ransomware revenue, nearly 73%, is affiliated with Russia in some way.
According to their research criteria, this percentage of revenue falls into the following categories:
- 26.4% comes from software avoiding the countries of the Commonwealth of Independent States (CIS), an intergovernmental organisation of former USSR nations;
9.9% are linked to Evil Corp, a Russian cybercrime organisation; - 36.4% of revenues are classified as “other connections to Russia”.
Distribution of ransomware revenues (Source: Chainalysis)
Chainalysis relies on several elements to reach these conclusions, for example, it will look for whether the software used shares Russian language documents. Or, if the same software excludes from their attacks computers configured in Russian, like the Mars Stealer Trojan which, although functioning differently, uses this functionality.
The survey also reveals that the loot from these attacks amounts to 400 million dollars over the year 2021, and unsurprisingly, the targets are mainly in North America. Moreover, 13% of these extorted funds are said to be routed directly from the addresses of these ransomware programs to Russia.
Moscow, a hub for money laundering
Far from being limited to ransomware, the Chainalysis study shows us that a large part of the proceeds from crypto-crime in Russia pass through Moscow during the laundering process.
More specifically, these funds are channelled through cryptocurrency-related companies. Although these companies are not directly involved in illicit activities, a significant portion of the money coming in is from criminal activities, as shown in the following graph:
Distribution of the origin of cryptocurrency inflows into Moscow companies (Source: Chainalysis)
Over the period from the beginning of 2019 to the second quarter of 2021, illicit funds received by Moscow cryptocurrency companies amount to $700 million, or 13% of transactions. Depending on the quarter studied, this can rise to 48%. As for the origin of this capital, almost 89% of it is generated by scams and trading on the darkweb.
Ironically, in a decentralised ecosystem, almost half of the companies scrutinised by Chainalysis are said to operate from the Federation Tower, a double-skyscraper complex in the economic district, Moskva-City.
The unit statistics of each company in the panel studied are very disparate. For some companies, these disputed funds represent less than 10% of their overall volume, giving the benefit of the doubt as to whether or not they were intentionally involved. But for other companies, they sometimes represent more than 30%, which on the contrary suggests that money laundering is knowingly carried out.
Of course, even if this whole industry represents a significant amount of money, it is still marginal compared to the total volume of our ecosystem. This is not to fall into the trap of saying that cryptocurrency is fuelling crime. Cryptocurrency remains a tool that cannot be reduced to this use case, just as it would be absurd to say that a computer is dangerous because hackers use it.
