On Monday, Chainalysis, a blockchain analytics firm, published a report saying that about 74 per cent of ransomware revenue in cryptocurrency (approximately $400 million) was suspiciously transferred to high-risk wallets. The report also said that these wallet addresses were potentially based in Russia.
Chainalysis also said that, according to its research and analysis, the funds were initially laundered via Russian users after these ransomware attacks. There is also a saying that very successful cybercriminal kingpins in Russia follow only two rules: do frequent favors for the government and never attack Russians.
The analytics firm said it was able to trace the fund transfers through the public blockchain transaction records of the digital wallets of the well-known hacking group. It also said it was able to catch the Russian group because it showed multiple characteristics, such as:
- The ransomware code was written to avoid damaging files if it detected that the victim's computer was located in Russia or any CIS country.
- The fund transfer was connected to a ransomware trace by Evil Corp, which is the cybercrime empire of Russia.
- Around 36% of the operators were using Russian-language forums during the operation.
The remaining 27% of ransomware has no clear connection with Russia.
The majority of cryptocurrency is not illegal globally, and Russia, as a nation, ranks 18th on the list of the biggest cryptocurrency adopters across the globe.