- Russian-speaking threat actors dominate ransomware crime in 2023, says TRM
- They collected more than $500 million from victims last year.
Russian-speaking groups accounted for nearly 70 percent of all crypto revenue from ransomware attacks in 2023, with over $500 million extorted. New research By TRM Labs.
Ransomware is a type of malicious software that encrypts a victim’s files or data, making them inaccessible. The attacker then demands a ransom, usually in cryptocurrency, in exchange for the decryption key.
“Many of these actors are known to operate from within Russia or have ties to the Kremlin,” according to TRM. “Some even actively use crypto to purchase foreign equipment for the Russian war effort.”
North Korea is the world’s hacking superpower, responsible for stealing nearly $1 billion in crypto in 2023, the report says, and Asia-based criminals appear to be leading scams and investment fraud. Still, Russian-speaking threat actors are unique in their deadly ransomware activities.
Lockbit and ALPHV/Black Cat, the two largest operators in 2023 and both Russian-speaking, together earned at least $320 million.
Ransomware groups sometimes sell their malware to affiliates or other threat actors as part of a cybercrime business model known as “ransomware as a service” or RaaS.
This may include a licensing agreement, subscription service, flat fee, or profit sharing, all of which allow for rapid distribution and increased attack frequency.
Lockbit, a Ross operator, was interrupted According to TRM, by an international law enforcement operation earlier this year, but it survived and its future remains unclear.
Join the community to get our latest stories and updates.