According to a new report published by blockchain analytics firm Chainalysis on Monday, approximately 74%, or over $400 million USD, of ransomware revenue last year was funneled into high-risk wallet addresses that are likely to be based in Russia. The report analyzed ransomware hacks throughout 2021 and determined their affiliation to Russia through three key characteristics:
In addition to the selection criteria, it appears that web traffic data confirms the vast majority of extorted funds are laundered through Russia. Another 13% of funds sent from ransomware addresses to services went to users who were likely in Russia, more than any other region. Such ransomware strains typically infect a user's computer through a software exploit, when the user downloads unknown files, or by similar means. They then encrypt the victim's files and demand payment, most often in Bitcoin (BTC) or Monero (XMR), to a wallet address in exchange for making the files accessible again.
One famous case occurred last year when Russia-based hacking entity DarkSide, by exploiting a single leaked password, infected the computer systems of Colonial Pipeline. As a result, the pipeline's operators were forced to pay over $4 million in crypto ransom (of which $2.3 million was recovered) to regain access to their encrypted files, but not before the attack caused a brief fuel crisis.
Russian ransomware encryption hack | Source: Reuters