Policy
Share this article

Russian-Speaking Groups Responsible for Majority of Crypto Ransomware Attacks in 2023: TRM Labs

Inflows to Russia-based crypto exchange Garantex accounted for 82% of the crypto volumes that belonged to sanctioned entities internationally, the report added.

By Camomile Shumba|Edited by Parikshit Mishra
Updated Jul 25, 2024, 12:00 p.m. Published Jul 25, 2024, 12:00 p.m.
Russia (Egor Filin/ Unsplash)
Russia (Egor Filin/ Unsplash)
  • Russian-speaking ransomware groups were responsible for at least 69% of all crypto proceeds from ransomware in 2023.
  • In 2023 Russian-language darknet markets comprised 95% of all crypto-denominated illicit drug sales that occurred on the dark web.
  • Inflows to Russia-based exchange, Garantex, accounted for 82% of the crypto from sanctioned entities, despite restrictions being imposed due to the war on Ukraine.

Illicit use of crypto for ransomware, drug sales, and sanction evasion was rife in Russia in 2023 according to a report by TRM Labs on Thursday.

Russian-speaking ransomware groups were responsible for at least 69% of all crypto proceeds from ransomware in 2023, which exceeded $500 million. Ransomware is a type of malware that prevents a user from accessing a device until a sum is paid.

STORY CONTINUES BELOW
Don't miss another story.Subscribe to the State of Crypto Newsletter today. See all newsletters
By signing up, you will receive emails about CoinDesk products and you agree to our terms of use and privacy policy.

The two largest ransomware operators in 2023 were Lockbit and ALPHV/Black Cat, both Russian-speaking groups. However, in February the U.K. National Crime Agency said it had managed to take control of Lockbits services "compromising their entire criminal enterprise," according to an article at the time.

In 2023, Russian exchange Garantex accounted for 82% of the crypto volumes from sanctioned entities internationally, the report said.

Due to Russia's war on Ukraine, nations around the world placed sanctions on the country leading to some turning to crypto to evade them. U.S. sanctions watchdog, the Office of Foreign Assets Control (OFAC) blacklisted a bitcoin and ether address last year tied to sanctions evasion. Plus, U.S. federal prosecutors alleged in 2022 that five Russian nationals had laundered millions of dollars worth of crypto.

In 2023 Russian-language darknet markets comprised 95% of all crypto-denominated illicit drug sales that occurred on the dark web, the report added.

"Russian speaking threat actors are unique in the breadth of their malign activity," the report said.

However, North Korea remains the world’s hacking superpower and has been responsible for stealing close to $1 billion in cryptocurrency in 2023 according to the report.

RegulationsRussiaCrimeSanctions

More For You

Protocol Research: GoPlus Security

By CoinDesk Research
Nov 14, 2025
Commissioned byGoPlus
GP Basic Image

What to know:

  • As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
  • GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
  • Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
View Full Report

More For You

Small Texas Lender Monet Joining Field of Crypto-Focused Banks

By Jesse Hamilton|Edited by Nikhilesh De
Dec 6, 2025
(Brock Wegner/Unsplash/Modified by CoinDesk)

The bank is owned by billionaire Andy Beal, a major supporter of U.S. President Donald Trump's 2016 campaign.

Read full story