Russian-Speaking Hackers Dominate Ransomware Profits Worldwide
According to blockchain analytics firm TRM Labs, Russian-speaking cybercriminals were responsible for about 69% of all cryptocurrency revenues linked to ransomware in the past year. Researchers estimate that hackers’ total “profits” exceeded $500 million.
Key Findings from TRM Labs
The report highlights that while North Korea led in cryptocurrency thefts through exploits and hacks in 2023—stealing over $1 billion—Asian cybercriminals also topped the charts in fraud and investment scams. However, in nearly all other types of malicious crypto activity, Russian-speaking cybercriminals were the dominant force.
“Russian-speaking actors from across the post-Soviet region remain consistent leaders in most types of crypto-enabled cybercrime, from ransomware to illegal crypto exchanges and darknet marketplaces,” the experts wrote.
Major Ransomware Groups
In 2023, the largest ransomware groups identified by researchers included LockBit, Black Basta, ALPHV/BlackCat, Cl0p, PLAY, and Akira.
TRM Labs reports that just LockBit and ALPHV alone collected at least $320 million in ransom payments last year. The total income of Russian-speaking criminals from ransomware attacks exceeded $500 million, accounting for more than two-thirds of all global ransom payments. This means that ransomware operators from other countries were responsible for only about 31% of the total.
Darknet Marketplaces and Money Laundering
TRM Labs also found that Russian-language darknet marketplaces are responsible for about 95% of all such transactions worldwide, selling a wide range of illegal goods and services. In 2023, the three largest Russian-speaking darknet marketplaces processed $1.4 billion in transactions, while Western platforms accounted for only $100 million during the same period.
Additionally, Russian-speaking criminals dominate the money laundering sector. According to experts, the company Garantex alone processed 82% of the cryptocurrency handled by organizations under international sanctions. U.S. authorities imposed sanctions on Garantex in 2022, alleging that the platform helped launder illegal proceeds from the “Hydra” marketplace.