Moscow City firms received as much as 48% of their crypto from illicit addresses.

Almost three-quarters of revenue from ransomware attacks last year, or $400 million, went to addresses that are “highly likely” to be affiliated with Russia, according to a report from crypto analytics firm Chainalysis.

The firm determines whether ransomware strains are affiliated to Russia based on three criteria: Whether they avoid attacking former Soviet countries, markers such as language and location, and whether they are related to Russia-based cybercrime organization Evil Corp., Chainalysis said on Monday.

Ransomware attacks have grown in the past year, according to a joint report of U.S., U.K. and Australian cybersecurity authorities. North American addresses are the biggest targets, according to another Chainalysis report. The U.S. government is pushing for measures to combat this type of attack, in which hackers hold a firm’s data hostage.

In 2019-2021, between 29% and 48% of all crypto going to addresses belonging to businesses in Moscow City, the Russian capital’s financial center, came from “illicit and risky” addresses, said the research report.

The recipients included Suex, an over-the-counter exchange that has been sanctioned by the U.S. government, Eggchange, whose co-founder was reportedly arrested by Russian authorities in November, and peer-to-peer exchange Bitzlato.

These firms are linked to money laundering of the illegally obtained funds, Chainalysis said.

Some instances of firms receiving low proportions of illicitly obtained crypto can be attributed to their lack of awareness, rather than criminal activity, the report said.

Of all the crypto going to Moscow City, funds coming from scams, at $313 million, and darnknet markets, at $296 million, made up the majority of illicit crypto in that time period. Ransomware came third at $38 million.

The post Russia-Affiliated Addresses Received 74% of Ransomware Revenue Last Year appeared first on Crypto Insider.

New research from blockchain surveillance firm Chainalysis shows that ransomware gangs are getting more sophisticated.

The average size of ransomware payments hit an all-time high in 2021, according to a new report by blockchain research firm Chainalysis.

Chainalysis’ data shows the average ransomware payment size last year reached $118,000 in crypto, up from $88,000 in 2020, according to a report published Thursday. In 2019, the average ransomware payment was only $25,000. Kim Grauer, Chainalysis’ head of research, attributes this jump to the growing sophistication of ransomware groups.

Over the last two years, ransomware attacks have skyrocketed. Chainalysis has identified $692 million worth of payments to wallet addresses affiliated with ransomware groups in 2020 and, at the time of publication, $602 million in 2021. However, Grauer stressed that the real number is likely to be much higher – setting a new record for ransomware payments in 2021 – as Chainalysis continues to identify ransomware-associated wallets.

As ransomware gangs continue to profit and gain experience, they are learning how to adapt to avoid detection and go after bigger targets. Grauer told that data shows many ransomware gangs are reinvesting a larger percentage of stolen funds back into their operations. In 2021,16% of all funds sent from wallets associated with ransomware operators were spent on tools and services, like penetration testing or more secure web hosting, to make their attacks more effective.

“They’re investing in their business,” Grauer said. “You know, you have to spend money to make money.”

The jump, up from 4% in 2020, is largely driven by the rise of Ransomware-as-a-Service (RaaS), which enables ransomware gangs to purchase already-developed strains of ransomware, like Conti or DarkSide, from ransomware creators, usually in exchange for a portion of the proceeds.

However, Grauer also pointed out that, while RaaS might be growing, blockchain data shows that at least 140 ransomware developers received payments from victims last year – a new all time-high. The growth signals that ransomware strains are becoming dormant faster, which Grauer said is a tactic used to avoid law enforcement detection, but is also a sign of the rise of home-brewed ransomware tools.

“We’re actually starting to see some places where there’s a move away from RaaS and back to self-produced ransomware,” Grauer said. “We’re seeing that in Iran, where Iranian bad actors are just building their own ransomware from scratch.”

Grauer told CoinDesk that, by creating their own ransomware, ransomware gangs can create a more tailored attack for specific or high-security targets.

“One thing we did see in Iran was some geopolitical attacks against targets in Israel,” Grauer said.

The geopolitical implications of ransomware are growing. After a Russia-based ransomware group carried out the Colonial Pipeline attack last summer, the Biden administration has made cracking down on ransomware a priority.

President Biden has called out Chinese state actors for ransomware and cryptojacking attacks, and pushed Russia to arrest known members of ransomware gangs. The administration also began adding crypto exchanges to its sanctions blacklist last year.

The post Ransomware Payments Are Getting Bigger As Hackers Shift Focus to Larger Targets appeared first on Crypto Insider.