{"id":18240,"date":"2022-02-14T22:11:16","date_gmt":"2022-02-14T21:11:16","guid":{"rendered":"https:\/\/coinscreed.com\/staging\/?p=18240"},"modified":"2022-02-14T22:11:22","modified_gmt":"2022-02-14T21:11:22","slug":"report-reveals-that-74-of-stolen-funds-from-ransomware-attacks-went-to-russian-affiliated-wallet-addresses-in-2021","status":"publish","type":"post","link":"https:\/\/coinscreed.com\/staging\/report-reveals-that-74-of-stolen-funds-from-ransomware-attacks-went-to-russian-affiliated-wallet-addresses-in-2021\/","title":{"rendered":"Report reveals that 74% of stolen funds from ransomware attacks went to Russian-affiliated wallet addresses in 2021"},"content":{"rendered":"\n<h5 class=\"wp-block-heading\" id=\"last-year-the-russian-hacker-group-darkside-compromised-the-computer-systems-of-colonial-pipeline-by-using-a-single-stolen-password\">Last year, the Russian <a href=\"https:\/\/coinscreed.com\/staging\/hackers-steal-321m-from-wormhole-token-bridge-platform.html\" data-type=\"post\" data-id=\"17748\">hacker <\/a>group Darkside compromised the computer systems of Colonial Pipeline by using a single stolen password.<\/h5>\n\n\n\n<figure class=\"wp-block-image size-full\"><img fetchpriority=\"high\" decoding=\"async\" width=\"981\" height=\"612\" src=\"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/02\/image-191.png\" alt=\"Report reveals that 74% of stolen funds from ransomware attacks went to Russian-affiliated wallet addresses in 2021\" class=\"wp-image-18244\" srcset=\"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/02\/image-191.png 981w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/02\/image-191-300x187.png 300w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/02\/image-191-768x479.png 768w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/02\/image-191-750x468.png 750w\" sizes=\"(max-width: 981px) 100vw, 981px\" \/><\/figure>\n\n\n\n<p>According to a new analysis released on 
Monday by blockchain analytics firm <a href=\"https:\/\/www.google.com\/search?q=Report+reveals+that+74%25+of+stolen+funds+from+ransomware+attacks+went+to+Russian-affiliated+wallet+addresses+in+2021&oq=Report+reveals+that+74%25+of+stolen+funds+from+ransomware+attacks+went+to+Russian-affiliated+wallet+addresses+in+2021&aqs=chrome..69i57.2353j0j7&sourceid=chrome&ie=UTF-8\" data-type=\"URL\" data-id=\"https:\/\/www.google.com\/search?q=Report+reveals+that+74%25+of+stolen+funds+from+ransomware+attacks+went+to+Russian-affiliated+wallet+addresses+in+2021&oq=Report+reveals+that+74%25+of+stolen+funds+from+ransomware+attacks+went+to+Russian-affiliated+wallet+addresses+in+2021&aqs=chrome..69i57.2353j0j7&sourceid=chrome&ie=UTF-8\" target=\"_blank\" rel=\"noopener\">Chainalysis<\/a>, over 74% of ransomware money was channelled through high-risk wallet addresses likely headquartered in Russia last year, totalling over $400 million USD. The analysis looked at ransomware intrusions in 2021 and determined whether they were linked to Russia based on three crucial characteristics.<\/p>\n\n\n\n<p>Evil Corp, a Russian cybercriminal gang with purported links to the <a href=\"https:\/\/coinscreed.com\/staging\/russian-government-refuses-to-accept-bitcoin-as-legal-tender.html\" data-type=\"post\" data-id=\"9411\">Russian government<\/a>, was suspected of being behind a particular intrusion.<br>The ransomware targets only victims in countries that were not part of the former Soviet Union.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"ransomware-variants-that-distribute-russian-language-papers-and-announcements\">Ransomware variants that distribute Russian-language papers and announcements<\/h2>\n\n\n\n<p>In addition to the selection criteria, online traffic data appears to suggest that Russia is where the great bulk of extorted monies are laundered. Another 13% of funds sent from ransomware addresses to services went to users in Russia, which is more than any other country. <\/p>\n\n\n\n<p>Typically, ransomware infects a user's computer through a program vulnerability, or when the user downloads unknown files, etc. 
They then encrypt the victim's files and demand payment in <a href=\"https:\/\/coinscreed.com\/staging\/dbs-bank-singapore-is-looking-to-expand-bitcoin-trading-to-retail-investors.html\" data-type=\"post\" data-id=\"18223\">Bitcoin <\/a>(BTC) or <a href=\"https:\/\/coinscreed.com\/staging\/moneros-former-chief-maintainer-has-been-released-from-jail.html\" data-type=\"post\" data-id=\"10502\">Monero <\/a>(XMR) to a <a href=\"https:\/\/coinscreed.com\/staging\/el-salvador-revives-chivo-wallet-with-plans-to-install-1500-bitcoin-atms.html\" data-type=\"post\" data-id=\"17709\">wallet <\/a>address in order to get access to the data.<\/p>\n\n\n\n<p>Last year, the Russian hacker group Darkside compromised the computer systems of Colonial Pipeline by using a single stolen password. As a result, the pipeline's operators were compelled to pay a <a href=\"https:\/\/coinscreed.com\/staging\/rare-cryptopunk-ethereum-nft-sells-for-almost-24-million.html\" data-type=\"post\" data-id=\"18199\">crypto<\/a> ransom of more than $4 million (of which $2.3 million was recovered) in order to regain access to their encrypted files, but not before triggering a momentary gasoline shortage.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"798\" height=\"593\" src=\"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/02\/image-189.png\" alt=\"\" class=\"wp-image-18242\" srcset=\"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/02\/image-189.png 798w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/02\/image-189-300x223.png 300w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/02\/image-189-768x571.png 768w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/02\/image-189-750x557.png 750w\" sizes=\"(max-width: 798px) 100vw, 798px\" \/><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Last year, the Russian hacker group Darkside compromised the computer systems of Colonial Pipeline by 
using a single stolen password. According to a new analysis released on Monday by blockchain analytics firm Chainalysis , over 74% of ransomware money was channelled through high-risk wallet addresses likely headquartered in Russia last year, totalling over $400 million [&hellip;]<\/p>\n","protected":false},"author":13,"featured_media":18244,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[21],"tags":[5817,7208,7209],"class_list":["post-18240","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-hack-2","tag-ransomware-2","tag-russian-wallet"],"jetpack_featured_media_url":"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/02\/image-191.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/18240","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/comments?post=18240"}],"version-history":[{"count":0,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/18240\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media\/18244"}],"wp:attachment":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media?parent=18240"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/categories?post=18240"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/tags?post=18240"}],"curies":[{"name":"
wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}