Russian-Speaking Groups Responsible for Majority of Crypto Ransomware Attacks in 2023: TRM Labs

Inflows to Russia-based crypto exchange Garantex accounted for 82% of the crypto volumes that belonged to sanctioned entities internationally, the report added.

Jul 25, 2024 at 12:00 p.m. UTC
  • Russian-speaking ransomware groups were responsible for at least 69% of all crypto proceeds from ransomware in 2023.
  • In 2023, Russian-language darknet markets comprised 95% of all crypto-denominated illicit drug sales that occurred on the dark web.
  • Inflows to Russia-based exchange Garantex accounted for 82% of the crypto from sanctioned entities, despite restrictions being imposed due to the war on Ukraine.

Illicit use of crypto for ransomware, drug sales, and sanctions evasion was rife in Russia in 2023, according to a report by TRM Labs on Thursday.

Russian-speaking ransomware groups were responsible for at least 69% of all crypto proceeds from ransomware in 2023, which exceeded $500 million. Ransomware is a type of malware that prevents a user from accessing a device until a sum is paid.

The two largest ransomware operators in 2023 were Lockbit and ALPHV/Black Cat, both Russian-speaking groups. However, in February the U.K. National Crime Agency said it had managed to take control of Lockbit's services, "compromising their entire criminal enterprise," according to an article at the time.

In 2023, Russian exchange Garantex accounted for 82% of the crypto volumes from sanctioned entities internationally, the report said.

Due to Russia's war on Ukraine, nations around the world placed sanctions on the country, leading some to turn to crypto to evade them. The U.S. sanctions watchdog, the Office of Foreign Assets Control (OFAC), blacklisted a bitcoin and ether address last year tied to sanctions evasion. Plus, U.S. federal prosecutors alleged in 2022 that five Russian nationals had laundered millions of dollars worth of crypto.

In 2023, Russian-language darknet markets comprised 95% of all crypto-denominated illicit drug sales that occurred on the dark web, the report added.

"Russian speaking threat actors are unique in the breadth of their malign activity," the report said.

However, North Korea remains the world’s hacking superpower and was responsible for stealing close to $1 billion in cryptocurrency in 2023, according to the report.

Edited by Parikshit Mishra.


Camomile Shumba