A recent report by TRM Labs reveals that Russian-speaking ransomware groups were responsible for the majority of crypto-ransomware attacks in 2023, highlighting the extensive use of cryptocurrency for illicit activities in Russia. According to the report, Russian-speaking ransomware groups accounted for at least 69% of all crypto proceeds from ransomware in 2023, totaling over $500 million.
Ransomware, a type of malware that blocks user access to devices until a ransom is paid, saw significant activity from groups such as Lockbit and ALPHV/BlackCat, the two largest operators. In a notable development, the U.K. National Crime Agency announced in February that it had successfully compromised Lockbit’s operations, dealing a substantial blow to their criminal enterprise.
The report also noted that Russian-language darknet markets were responsible for 95% of all crypto-denominated illicit drug sales on the dark web in 2023. This underscores the extensive use of cryptocurrency in facilitating illegal drug transactions within these markets.
In addition, inflows to the Russia-based crypto exchange Garantex accounted for 82% of the crypto volumes linked to sanctioned entities worldwide. This occurred despite global sanctions imposed on Russia due to the ongoing war in Ukraine. The report highlighted that entities in Russia have increasingly turned to cryptocurrency to circumvent these sanctions. The U.S. Office of Foreign Assets Control (OFAC) has blacklisted several bitcoin and ether addresses associated with sanctions evasion, and in 2022, U.S. federal prosecutors accused five Russian nationals of laundering millions of dollars in crypto.
“Russian-speaking threat actors are unique in the breadth of their malign activity,” the report stated, emphasizing the extensive range of illicit activities carried out by these groups.
Despite the dominance of Russian-speaking groups in ransomware and darknet markets, North Korea remains a significant player in the global cybercrime landscape. The report noted that North Korean hackers were responsible for nearly $1 billion in cryptocurrency theft in 2023, maintaining their position as a leading cybercrime threat.