Blockchain intelligence company TRM Labs revealed that some major Russian-linked ransomware syndicates rebranded their activities in 2022 to avoid sanctions from Western countries. According to a new report published recently, the rebranding and other significant activities showed notable changes in the cybercrime space and darknet markets (DNMs) after Russia invaded Ukraine. Ransomware Operators Rebranded to Evade Sanctions In the wake of Russia’s invasion of Ukraine, several Western law enforcement agencies imposed tighter sanctions on Russian ransomware platforms. Similarly, sanctions imposed by the U.S. Office of Foreign Assets Control (OFAC) on the popular darknet platform Hydra took a toll on ransomware projects as they struggled to gain market dominance while
Topics:
Mandy Williams considers the following as important: AA News, russia, social
This could be interesting, too:
Wayne Jones writes Hashdex Files S-1 for First ETF Holding Bitcoin and Ethereum in the US
Chayanika Deka writes Scaramucci Slams Claims of Harris’s Anti-Crypto Bias, Critiques Trump’s Transactional Approach
Wayne Jones writes Celebrity Meme Coins Plunge 94% From Peak Values on Average: Data
Mandy Williams writes Marathon Digital Increases Bitcoin Stash With 0M Purchase
Blockchain intelligence company TRM Labs revealed that some major Russian-linked ransomware syndicates rebranded their activities in 2022 to avoid sanctions from Western countries.
According to a new report published recently, the rebranding and other significant activities showed notable changes in the cybercrime space and darknet markets (DNMs) after Russia invaded Ukraine.
Ransomware Operators Rebranded to Evade Sanctions
In the wake of Russia’s invasion of Ukraine, several Western law enforcement agencies imposed tighter sanctions on Russian ransomware platforms.
Similarly, sanctions imposed by the U.S. Office of Foreign Assets Control (OFAC) on the popular darknet platform Hydra took a toll on ransomware projects as they struggled to gain market dominance while avoiding law enforcement agencies.
To strengthen their anonymity through alterations in on-chain behavior, two major ransomware syndicates, LockBit and Conti, restructured their activities.
Through TRM’s on-chain analysis, open source reporting, and proprietary information, the intelligence firm discovered that Conti ceased its original operation and restructured into three smaller groups named Black Basta, BlackByte, and Karakut. Before the diversification, Karakut was a side project run by Conti operators.
LockBit, on the other hand, rebranded its operations since Ukraine’s invasion last February. Four months later, the syndicate launched LockBit 3.0, which it projected as apolitical and focused on monetary gain.
“LockBit’s claim that it had no intention to purposely attack Western countries may have been motivated by the possibility of Western sanctions against Russian entities. Moreover, LockBit stated that it had prohibited attacks against entities related to critical infrastructure, probably to minimize the risk of law enforcement attention and potential sanctions,” TRM said.
Western Sanctions had Little Impact on DNMs
Furthermore, TRM’s analysis also found significant growth in the usage of Russian-speaking darknet markets. Due to sanctions imposed on DNMs, criminals fled to Russian-related platforms to evade Western law enforcement.
Collectively, Russian-speaking darknet markets recorded several periods of sustained growth between April-July and October-December 2022. By the end of the year, they had amassed over $130 million in sales.