Russian Darknet Markets, Ransomware Groups Thrive Despite Sanctions, Report –
Russian dark web marketplaces have continued to function despite Western sanctions and efforts to shut them down, according to a report pointing to the illegal ones Blockchainspace in the midst of the world’s “first crypto war”. Ransomware actors and high-risk crypto exchanges have also remained active.
Subterranean Russian crypto platforms are adapting to disruptions caused by the Ukraine war
Before Russia invaded Ukraine a year ago, cryptocurrency exchanges linked to the two countries accounted for more than half of the international volume of illicit cryptocurrency. Cybercrime organizations were full of Russian-speaking members, and Russian-speaking dark web markets (DNMs) co-dominated the global drug trade cryptocurrencyTRM Labs found in a new report.
Over the past year, the blockchain intelligence firm analyzed changes in the illicit crypto ecosystem to find out how cybercriminals are adapting to the financial, political, and logistical disruptions caused by the conflict. The company describes the latter as “the world’s first crypto war,” with the two sides relying on donations in digital assets to fund their military and humanitarian campaigns, and the West seeking to limit Moscow’s ability to issue coins to circumvent restrictions use.
When war broke out, Western governments and law enforcement cracked down on Russia-affiliated DNMs, ransomware syndicates, and crypto exchanges, exposing users to increased risks. However, these continue to thrive even after the unprecedented measures taken against them, the researchers found.
In April, German authorities seized the servers of the largest dark web marketplace, Hydra, while the US Treasury imposed sanctions on Hydra and Garantex, a Russia-based crypto exchange accused of processing $100 million worth of illegal transactions . The total includes $6 million from Russian ransomware group Conti and around $2.6 million from Hydra.
Despite the crackdown, Garantex has not only continued to operate, but has more than doubled its trading volume throughout 2022, TRM Labs revealed. Meanwhile, newly formed Russian DNMs have been quick to fill the void left by the dismantling of Hydra. Sales on these platforms between May and December 2022 exceeded those in the first four months of the year.
At the same time, while Conti officially shut down in May, it has actually rebranded and is still operating through several smaller groups. However, a study published by Chainalysis in January this year showed that sanctions have played a role in reducing ransomware revenue.
The TRM report also highlights the politicization of some Russian and Ukrainian hackers and provides an example with Killnet. The group, which runs malware and distributed denial-of-service (DDoS) attacks, has pledged allegiance to the Russian state and has threatened entities linked to unfriendly nations. The pro-Ukrainian garbage forums have also hit Russian targets. Both have raised crypto on Telegram for their respective purposes. DNMs and dark web forums have largely remained politically neutral.
Do you think that the authorities in Russia, Ukraine and other countries in the region will take action against such platforms in the future? Do share your thoughts on this topic in the comments section below.
photo credit: Shutterstock, Pixabay, WikiCommons
(function(d, s, id) {
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return;
js = d.createElement(s); js.id = id;
js.src=”
fjs.parentNode.insertBefore(js, fjs);
}(document, ‘script’, ‘facebook-jssdk’));
Source: Crypto News Deutsch
