Share this article
Russian-Speaking Groups Responsible for Majority of Crypto Ransomware Attacks in 2023: TRM Labs
Inflows to Russia-based crypto exchange Garantex accounted for 82% of the crypto volumes that belonged to sanctioned entities internationally, the report added.
Updated Jul 25, 2024, 12:00 p.m. Published Jul 25, 2024, 12:00 p.m.
- Russian-speaking ransomware groups were responsible for at least 69% of all crypto proceeds from ransomware in 2023.
- In 2023 Russian-language darknet markets comprised 95% of all crypto-denominated illicit drug sales that occurred on the dark web.
- Inflows to Russia-based exchange, Garantex, accounted for 82% of the crypto from sanctioned entities, despite restrictions being imposed due to the war on Ukraine.
Illicit use of crypto for ransomware, drug sales, and sanction evasion was rife in Russia in 2023 according to a report by TRM Labs on Thursday.
Russian-speaking ransomware groups were responsible for at least 69% of all crypto proceeds from ransomware in 2023, which exceeded $500 million. Ransomware is a type of malware that prevents a user from accessing a device until a sum is paid.
STORY CONTINUES BELOW
The two largest ransomware operators in 2023 were Lockbit and ALPHV/Black Cat, both Russian-speaking groups. However, in February the U.K. National Crime Agency said it had managed to take control of Lockbits services "compromising their entire criminal enterprise," according to an article at the time.
In 2023, Russian exchange Garantex accounted for 82% of the crypto volumes from sanctioned entities internationally, the report said.
Due to Russia's war on Ukraine, nations around the world placed sanctions on the country leading to some turning to crypto to evade them. U.S. sanctions watchdog, the Office of Foreign Assets Control (OFAC) blacklisted a bitcoin and ether address last year tied to sanctions evasion. Plus, U.S. federal prosecutors alleged in 2022 that five Russian nationals had laundered millions of dollars worth of crypto.
In 2023 Russian-language darknet markets comprised 95% of all crypto-denominated illicit drug sales that occurred on the dark web, the report added.
"Russian speaking threat actors are unique in the breadth of their malign activity," the report said.
However, North Korea remains the world’s hacking superpower and has been responsible for stealing close to $1 billion in cryptocurrency in 2023 according to the report.
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
Canadian Province Wins Forfeiture of $1M QuadrigaCX Co-Founder's Cash, Gold via Default Judgment
The ruling transfers cash, gold bars, watches, and jewelry seized from a CIBC safety deposit box and bank account into government hands after Patryn did not defend the case.
What to know:
- The Supreme Court of British Columbia has forfeited $1 million in cash and gold tied to QuadrigaCX's co-founder, Michael Patryn, to the government.
- Patryn did not contest the forfeiture, which involved 45 gold bars, luxury watches, and over $250,000 in cash seized under an Unexplained Wealth Order.
- The forfeiture may lead to a process determining if any assets can be directed to QuadrigaCX's creditors, who received 13 cents on the dollar in the bankruptcy settlement.
Top Stories
