Russia has long been home to some of the most skilled hackers in the world. According to cybersecurity investigators like Brian Krebs, this is largely due to the country’s excellence in computer science education, combined with low economic prospects even for those who are skilled in the field. Given this background, it may not be surprising that Russia leads the way in ransomware. But the degree to which Russia-based ransomware strains dominate is quite shocking.
Before we dive into the data, a quick explainer - we generally tie specific ransomware strains to Russian cybercriminals based on one of three criteria:
1) Evil Corp is a Russia-based cybercriminal organization that has been prolific in ransomware, and whose leadership is believed to have ties to the Russian government.
2) The Commonwealth of Independent States (CIS) is an intergovernmental organization of Russian-speaking, former Soviet countries. Many ransomware strains contain code that prevents the encryption of files if it detects the victim’s operating system is located in a CIS country. In other cases, ransomware operators have even given over decryptors to return file access after learning they inadvertently targeted a Russian organization. We can attribute CIS-avoiding strains to Russian cybercriminals, though with a lesser degree of confidence, as some of them may be based in other CIS countries.
3) There are several other ransomware characteristics that can indicate a strain is likely based in Russia. Examples include ransomware strains that share documents and announcements in the Russian language, or whose affiliates are believed to be located in Russia with a high degree of confidence.
Overall, roughly 74% of ransomware revenue in 2021 - over $400 million worth of cryptocurrency - went to strains we can say are highly likely to be affiliated with Russia in some way.
Blockchain analysis combined with web traffic data also tells us that after ransomware attacks take place, most of the extorted funds are laundered through services primarily catering to Russian users.
No comments:
Post a Comment