Blockchain intelligence firm TRM Labs has revealed that some major Russian-linked ransomware syndicates have rebranded their activities in 2022 to avoid sanctions from Western countries.
According to a new report recently released, rebranding and other significant activities showed notable shifts in the cybercrime space and darknet (DNM) markets following Russia’s invasion of Ukraine.
Ransomware Operators Change Their Names To Escape Penalties
Following Russia’s invasion of Ukraine, several Western law enforcement agencies imposed tougher penalties on Russian ransomware platforms.
In the same way, punishments imposed by the US Office of Foreign Assets Control (OFAC) on popular darknet platform Hydra has wreaked havoc on ransomware projects as they struggle to earn market dominance while avoiding law enforcement.
To bolster their anonymity by changing on-chain behavior, two major ransomware syndicates, LockBit and Conti, have restructured their businesses.
Through TRM’s on-chain analysis, open source reports and proprietary information, the intelligence firm found that Conti had ceased its original business and restructured into three smaller groups named Black Basta, BlackByte and Karakut. Prior to diversification, Karakut was a side project run by Conti operators.
LockBit, on the other hand, has rebranded its operations since the invasion of Ukraine last February. Four months later, the syndicate launched LockBit 3.0, which it projected as apolitical and focused on monetary gain.
“LockBit’s assertion that it had no intention of deliberately attacking Western countries may have been motivated by the possibility of Western sanctions against Russian entities. Additionally, LockBit stated that it prohibited attacks against critical infrastructure-related entities, presumably to minimize the risk of law enforcement attention and potential sanctions,” TRM said.
Western sanctions have had little impact on DNMs
In addition, TRM analysis also revealed significant growth in the use of Russian-speaking darknet markets. Due to sanctions imposed on DNMs, criminals have fled to Russia-linked platforms to evade Western law enforcement.
Collectively, Russian-speaking darknet markets recorded several periods of sustained growth between April-July and October-December 2022. By the end of the year, they had accumulated over $130 million in sales.