Report: Most Ransomware Money Tied to Russia

John Lister's picture

Nearly three in every four dollars paid to ransomware scammers goes to Russian-affiliated groups, according to new research. The authors also accuse Russia of turning a blind eye to large-scale money laundering.

The figures come from Chainalysis, which tracks crime involving cryptocurrencies. These are "virtual" currencies such as Bitcoin where all transactions are tracked on a public "ledger".

The way cryptocurrencies work means it's relatively straightforward to track the amount of money a particular user has spent or received. However, it's often difficult to prove who a particular user is.

Russian PCs Protected

Chainalysis began by gathering together records of payments to addresses (accounts) known to be used by ransomware scammers to receive money from victims. They then looked for signs of Russian connections. (Source:

In cases covering 26.4 percent of revenue, the ransomware in question had code that blocked it from infecting computers from Russia and neighboring former-Soviet states. A further 9.9 percent of revenue had links to EvilCorp, a criminal group known to be based in Russia.

Meanwhile a further 36.4 percent had other signs of Russian connections such as language or location. That left just 27.4 percent of ransomware revenue going to scammers with no clear ties to Russia.

The research also found around 13 percent of payments made from ransomware addresses went to Russian sources. That's likely a sign of using locally-based money laundering operations.

Billion Dollar Business

Further analysis of Moscow-based organizations that receive cryptocurrency payments (similar to financial exchanges or banks in the physical world) suggested that just a handful of organizations handled cryptocurrency worth as much as a billion dollars in a three-month period.

Of this money, up to half came from accounts linked to "illicit" activity, ranging from ransomware and other scams to paying for goods and services that were themselves illegal. (Source:

How seriously Russia takes such activity is open to question. Officially, the country has made some arrests of alleged ransomware scammers. However, critics argue the Russian government is happy to let the scammers and money launderers operate because of their destabilizing effect on Western governments.

What's Your Opinion?

Are you surprised so much of the ransomware revenue is tied to Russia? Can the problem really be tackled without the Russian government's assistance? Does such activity undermine any legitimate uses for cryptocurrencies?



Chief's picture

Bitcoin is a medium of exchange.
Automobiles are a medium of transportation.
Food is a medium of nutrition.
... I could continue ad nauseam with further examples.

None of the above are moral or immoral.
Each is a method of getting something accomplished.

To blame the medium for the crime seems to be de rigueur in today's society.

Go after the criminal activity.
Criminals continue to evolve.
Law enforcement must continue to follow the criminals.

There are no easy answers, and "outlawing" or controlling the medium causes more fallout and problems which generally increase costs and serve to penalize the 99% honest people.