Russian ransomware generates over $500m in crypto proceeds, TRM Labs says

07/26/2024 14:12
Russian ransomware generates over $500m in crypto proceeds, TRM Labs says

Analysts at TRM Labs say Russian-speaking ransomware groups accounted for nearly 70% of all crypto proceeds from ransomware in 2023

Russian ransomware generates over $500m in crypto proceeds, TRM Labs says

Analysts at TRM Labs say Russian-speaking ransomware groups accounted for nearly 70% of all crypto proceeds from ransomware in 2023.

Russia has seemingly become the center for ransomware-related threat actors in 2023 Russian-speaking ransomware groups accounted for nearly 70% of all crypto proceeds from ransomware, according to analysts at TRM Labs. The alarming figure underscores Russia’s surging role in ransomware-related activities, with these groups amassing approximately $500 million in crypto proceeds.

As per the firm’s recent report, two Russian ransomware operators — Lockbit and ALPHV/Black Cat — together posted attack revenues of “at least $320 million.” TRM Labs notes that Lockbit, which is now under sanctions, attacked such big names in 2023 as Boeing and the UK’s postal operator Royal Mail, while BlackCat/ALPHV targeted MGM Resorts and a Fortune 500 distributor of dental and medical supplies Henry Schein.

Russian ransomware generates over $500m in crypto proceeds, TRM Labs says - 1
Crypto volumes tied to sanctioned entities around the globe | Source: TRM Labs

The report also emphasizes that almost all of the world’s sanctioned crypto volume was concentrated on a single Russia-based exchange, Garantex. This Moscow-headquartered sanctioned trading firm accounted for over 80% of crypto volumes associated with all sanctioned entities globally in 2023. These entities include crypto exchanges and individuals subject to U.S. and international sanctions regimes.

As per data, some of Garantex’s crypto volume goes to sanctioned Chinese manufacturers to purchase “military equipment and critical components used by Russian forces in Ukraine.”

“This equipment includes commercial UAVs, anti-UAV equipment, thermal optics, integrated circuits (ICs), GPS modules, and tantalum capacitors critical to production of Russian weapons systems.”

TRM Labs

However, TRM Labs notes that “not all this volume” relates to sanctioned assets, as it may also encompass the “sale of other goods not related to the war effort,” referring to the broader cross-border trade between Russia and China settled in crypto.

As crypto.news reported earlier, Russia is increasingly relying on crypto as a payment method to circumvent sanctions and maintain cross-border trading activity. This trend persists despite the legal prohibition of crypto as a legal tender within the country, creating ambiguity regarding the classification of these trades.

Recently, the Russian parliament passed two crypto-related bills in the first of three readings. If enacted, the laws would allow the use of crypto for international trade and officially recognize and regulate crypto mining. The legislative move follows reports that Russian metal producers have started using stablecoins for transactions with China due to severe limitations on traditional payment methods caused by sanctions.

Read more --->