Thursday , March 28 2024
Home / Blockchain / Russian Ransomware Projects Rebranded to Avoid Western Sanctions: Report

Russian Ransomware Projects Rebranded to Avoid Western Sanctions: Report

Summary:
Blockchain intelligence company TRM Labs revealed that some major Russian-linked ransomware syndicates rebranded their activities in 2022 to avoid sanctions from Western countries. According to a new report published recently, the rebranding and other significant activities showed notable changes in the cybercrime space and darknet markets (DNMs) after Russia invaded Ukraine. Ransomware Operators Rebranded to Evade Sanctions In the wake of Russia’s invasion of Ukraine, several Western law enforcement agencies imposed tighter sanctions on Russian ransomware platforms. Similarly, sanctions imposed by the U.S. Office of Foreign Assets Control (OFAC) on the popular darknet platform Hydra took a toll on ransomware projects as they struggled to gain market dominance while

Topics:
Mandy Williams considers the following as important: , ,

This could be interesting, too:

Wayne Jones writes US Lawmakers Urge SEC to Confront Prometheum’s Custody Plans for ETH

Anthonia Isichei writes Munchables Hacker Returns Stolen Crypto Funds Worth Over Million

Andrew Throuvalas writes This Bitcoin OG May Come Back To Development After Craig Wright Court Loss

Chayanika Deka writes Ethereum’s Vitalik Buterin Challenges Hype: Metaverse Is Still Misunderstood

Blockchain intelligence company TRM Labs revealed that some major Russian-linked ransomware syndicates rebranded their activities in 2022 to avoid sanctions from Western countries.

According to a new report published recently, the rebranding and other significant activities showed notable changes in the cybercrime space and darknet markets (DNMs) after Russia invaded Ukraine.

Ransomware Operators Rebranded to Evade Sanctions

In the wake of Russia’s invasion of Ukraine, several Western law enforcement agencies imposed tighter sanctions on Russian ransomware platforms.

Similarly, sanctions imposed by the U.S. Office of Foreign Assets Control (OFAC) on the popular darknet platform Hydra took a toll on ransomware projects as they struggled to gain market dominance while avoiding law enforcement agencies.

To strengthen their anonymity through alterations in on-chain behavior, two major ransomware syndicates, LockBit and Conti, restructured their activities.

Through TRM’s on-chain analysis, open source reporting, and proprietary information, the intelligence firm discovered that Conti ceased its original operation and restructured into three smaller groups named Black Basta, BlackByte, and Karakut. Before the diversification, Karakut was a side project run by Conti operators.

LockBit, on the other hand, rebranded its operations since Ukraine’s invasion last February. Four months later, the syndicate launched LockBit 3.0, which it projected as apolitical and focused on monetary gain.

“LockBit’s claim that it had no intention to purposely attack Western countries may have been motivated by the possibility of Western sanctions against Russian entities. Moreover, LockBit stated that it had prohibited attacks against entities related to critical infrastructure, probably to minimize the risk of law enforcement attention and potential sanctions,” TRM said.

Western Sanctions had Little Impact on DNMs

Furthermore, TRM’s analysis also found significant growth in the usage of Russian-speaking darknet markets. Due to sanctions imposed on DNMs, criminals fled to Russian-related platforms to evade Western law enforcement.

Collectively, Russian-speaking darknet markets recorded several periods of sustained growth between April-July and October-December 2022. By the end of the year, they had amassed over $130 million in sales.

You Might Also Like:

Leave a Reply

Your email address will not be published. Required fields are marked *