Cryptocurrency is where innovation and anonymity meet. A world that promises financial freedom and secrecy, but also hides dangers and risks. As we venture into this uncharted territory, we'll explore the depths of crypto and uncover the potential threats lurking in the shadows.

Russia leads in many things, they emerge third as the most powerful country in the world amongst other great accomplishments. Unfortunately, the country is also known for its notorious crypto ransomware economy, high-profile fraud, bribe, and money laundering cases.

In the shadows of Russia's thriving cryptocurrency market, a sinister force has emerged, threatening global cybersecurity. Crypto ransomware, a type of malware that demands payment in cryptocurrency in exchange for restoring access to data, has become a lucrative business for cybercriminals. For the past decade, Russia has become a hotbed for these illegal activities, with many gangs operating with impunity. Russian cybercriminals have generated a whopping $1.4 billion in profit from these crypto-related criminal activities. It also became a haven for crypto money laundering, with billions of dollars in illicit funds flowing through the country's cryptocurrency exchanges and networks.

Crypto in Russia

Russia has had a tumultuous relationship with cryptocurrency, marked by periods of enthusiasm, skepticism, and outright hostility. Despite this, the country has emerged as a significant player in the global crypto market, with a thriving community of miners, traders, and entrepreneurs.

Russia was one of the first countries to embrace cryptocurrency, with Bitcoin gaining popularity in 2011. The country's large pool of skilled programmers and engineers drove innovation and adoption, including a rapid increase and demand of crypto-related businesses, such as exchanges and mining operations appearing in the country.

Government Stance and Regulations

The Russian government's stance on cryptocurrency has evolved over the years, from initial enthusiasm to skepticism and finally, to a more nuanced approach. Regulatory efforts have been inconsistent, with different government agencies taking varying positions on the legality and oversight of crypto-related activities.

In the early days of crypto, there was initial lack of regulation by the government, hence allowing the crypto businesses to flourish and take charge. The government also saw crypto as a way to attract foreign investments and boost its economic growth.

The crackdown then started in 2017 as they set regulatory warnings and enforcement actions targeted at the exchanges and businesses, when the Central Bank and Finance Ministry statements raised concerns about illegal activities and financial stability. A proposed legislation was proposed and aimed to ban cryptocurrency in Russia altogether.

Fast forward to date, federal law defines cryptocurrency as digital financial assets, subject to anti-money laundering rules. Registration requirements for crypto businesses and taxation on crypto-related income were also implied. But is it enough to stop illicit crypto-activities from taking place?

Black Cat & Scattered Spider

MGM Resorts experienced a ransomware attack in April 2024, which impacted its operations and IT systems. The attack was allegedly carried out by the Scattered Spider.

Scattered Spider is a group of elusive native-English speaking hackers that are responsible for some of the recent ransomware attacks in 2024. The group is also known as Star Fraud, UNC3944, and Octo Tempest. Scattered Spider hackers are considered experts in social engineering.

The incident resulted in the unauthorized access and encryption of data, and the attackers demanded a ransom in exchange for the decryption key. A "cybersecurity issue" led to the shutdown of some casino and hotel computer systems at MGM Resorts International properties across the U.S, which means slot machines in casinos were shut off abruptly, including building elevators, faulty access keys to hotel rooms, parking gates froze, and more.

The hackers demanded $30 million to unlock MGM data, but the company refused. However, the company still paid a hefty price. They lost $100 million in revenue, and forked out millions more to rebuild their servers.

How did the hackers do it? Well, through social engineering. Being deceptive and manipulating, the hackers zeroed in on an employee, gathering information from the dark web and open sources like LinkedIn. Next, a smooth-talking hacker impersonated the employee and called the MGM tech helpdesk and convinced him to reset his password. With that, the hacker was inside MGM computers, and unleased the disruptive malware.

MGM's long-time competitor, Caesar's Palace, was also attacked around the same time, and they did pay a ransom amount of $15 million and did not suffer any disruptions. Apart from casinos and hotels, similar attacks have been unleashed upon hospitals, retail companies and even schools.

"Part of their success is because they are fluent in Western culture. They know how our society works, they know what to say to get someone to do something."

Now, Russian hackers have teamed up with the young native-English speaking hackers of Scattered Spider. Historically speaking, Russian cyber criminals did not like working with Western cyber criminals as there was not only a language barrier, but they also kind of looked down on them and viewed them as unprofessional.

However, their criminal exploits caught their attention and earned their respect, and saw them as a potential "force multiplier" for their ransomware attacks.

Scattered Spider uses its English and social engineering skills to break into companies and other entities. BlackCat provides its experience, platform and its malware, which has been used in some of the most consequential ransomware attacks in recent history.

BlackCat consists of ex-DarkSide/BlackMatter hackers, known for the 2021 Colonial Pipeline attack that led to East Coast gas shortages. The FBI notes that BlackCat/ALPHV's team, skilled in ransomware, includes DarkSide/BlackMatter's developers and money launderers.

Now, get this. The Russian government actually provide a safe haven for Russian ransomware gangs, as long as the hackers do not target organizations in Russia and they will not get prosecuted.

A recent work of the Black Cat was in early 2024 when the U.S. Healthcare giant Change Healthcare has made a $22 million extortion payment to the group. The company struggled to bring services back online amid a cyberattack that has disrupted prescription drug services nationwide for weeks. However, BlackCat still has sensitive data Change reportedly paid the group to destroy it, and they followed through on threats to share the stolen sensitive records despite paying ransom.

Bitcoin Fog

Founder of Bitcoin Fog, a long-running cryptocurrency mixer, was convicted by a federal jury in Washington in March 2024, for facilitating the laundering of over 1.2 million bitcoins, worth about $860 million at today’s prices, allowing criminals to obscure their illicit gains from law enforcement.

The majority of these transactions were linked to darknet marketplaces associated with narocotics, cyber fraud, distribution of child sexual abuse materials, and more.

Roman Sterlingov, 35, a dual Russian-Swiss citizen, was arrested at LA International Airport in April 2021, and charged with money laundering, operating an unlicensed money transmitting business, and money transmission without a license.

Following his arrest, Sterlingov was also charged with conspiring to launder money.

He denied that he ever operated and collected fees from Bitcoin Fog, though he did admit to using it. Jurors, however, did not buy into his words. Sterlingov faces a maximum sentence of 20 years in prison.

Garantex

A story of cryptocurrency, corruption, and deceit. Meet Garantex, a Russian exchange accused of facilitating ransomware transactions and money laundering.

Garantex has laundered billions since its inception. Its clients include individuals and groups involved in drug trafficking, cybercrime, identity theft, and child exploitation. A joint investigation by the US and UK authorities is underway into cryptocurrency transactions valued at over $20 billion, leveraging Tether's stablecoin, USDT.

The U.S. has sanctioned Garantex for facilitating transactions for criminal organizations, including a Hamas-affiliated terrorist group. Its involvement with other designated terrorist organizations, such as Hezbollah, underscores the severity of its operations.

Investigations Underway for $20 Billion Crypto Transfers to Garantex

The transactions, worth over $20 billion, may be one of the largest sanctions breaches since Russia's Ukraine invasion. The probe is investigating whether these crypto transfers, routed through Garantex, have helped Russia evade sanctions and fund its military actions.

This isn't the first time Garantex is under the limelight. The US Treasury's Office of Foreign Assets Control (OFAC), imposed sanctions on Garantex and Hydra Market in April 2022, citing their alleged ties to ransomware syndicates and illicit drug markets on the dark web.

Although Garantex was originally established in Estonia in 2019, authorities alleged that it has moved its main operations to Federation Tower in Moscow, sparking increased regulatory scrutiny due to potential ties to Russia and sanctions evasion concerns.

Links to Notorious Gang Leader, Russian Oil Firm, and Merciless Debt Collectors Uncovered

An international investigation by a coalition of journalists has uncovered Garantex's connections to violent debt collectors, a convicted gang leader, and a Russian state-owned oil company.

Investigations unveiled that the death and subsequent replacement of one of its shareholders led to the emergence of a new shareholder with ties to the Kremlin and the Russian state oil industry. It was further disclosed that both Garantex's crypto educational platform, the Garantex Academy, and its mobile app in Russia are operated by Fintech Corporation LLC.

Aleksandr Ntifo-Siao, formerly a director at Garantex Europe, co-owns Fintech with Pavel Karavatsky, a Russian executive with alleged ties to the Kremlin and Rosneft, a state owned oil giant. Notably, Aleksandr Ntifo-Siao changed his name to Alexander Joseluisovich Mira Serda, raising questions about potential attempts to obscure his identity.

Rosneft acquired Targin in 2016, and three years later, Targin Logistics LLC emerged. Although the connection between the two entities is not explicit, Targin Logistics later changed its name to Fintech Corporation in 2020, coinciding with Pavel becoming CEO, suggesting a possible link between the entities and a potential shift in operations.

They retained Rosneft's contact details, including phone numbers and email addresses. Rosneft's CEO, Igor Sechin, has close ties to Russia's security service and faced sanctions from EU, UK, and others after Russia's Ukraine invasion, raising concerns about Fintech's potential government connections too.

Notorious Gang Leader Infamous for Ruthless Extortion Tactics

Fintech Corporation's interests go beyond digital education, as it also owns 50% of the Academy of Conflicts, a debt collection agency. The agency is co-owned by Alexander Tsarapkin, a convicted gang leader who was sentenced to seven years in prison for extortion schemes in 2016, raising concerns about Fintech's ties to criminal activity.

Court records reveal a harrowing incident dating back to 2013, a Moscow businessman was brutally assaulted by three attackers over a debt owed to an associate. A week later, his wife was viciously attacked with an awl and syringe, suffering from stabbing wounds.

The assailants also threatened to inject her with blood allegedly contaminated with AIDS, exacerbating the trauma.

Subsequently, the situation escalated alarmingly, with the wife's car being torched and the husband suffering a brutal assault, leaving him with severe injuries, including a broken nose and lost teeth. The assailant threatened to disfigure and harm the wife and her children, according to her testimony.

The Academy of Conflicts, co-owned by Alexander Tsarapkin, claims to offer 'problem-solving' services, but its website features Tsarapkin in boxing gloves, suggestively boasting about his ability to handle conflicts, implying a menacing approach to conflict resolution. It comes along with the caption:

“You will no longer have to negotiate conflicts and participate in situations that immerse you in an uncomfortable environment.”

Death of Shareholder Under Investigation for Possible Foul Play

Garantex was founded in 2019 by Stanislav Drugalev and Sergey Mendeleev. In 2021, Aleksandr Ntifo-Siao joined them as a shareholder.

However, the trajectory of Garantex's ownership took a dramatic turn in February 2021 when Stanislav Drugalev tragically died in a car accident, plunging off a bridge in Dubai.

With regard to the death of one of its founders, Garantex commented:
"Questions regarding the circumstances of Mr. Drugalev’s death should be addressed to UAE law enforcement. Comments and suggestions offered by any third party are nothing more than speculations, for which those offering them bear no liability.”

Amidst suspicions of foul play and allegations of a "criminal death" raised by his wife, Oksana Drugaleva, his role was left vacant.

Notably, Irina Chernyavskaya, reportedly a partner of Pavel, subsequently assumed Sergey's position as a Garantex shareholder.

Links to Terrorist Organisations

What's more, Garantex is accused of transferring a substantial amount of cryptocurrency to suspicious entities, including $238 million in bitcoin to darknet operators and $15 million to wallets allegedly tied to Hezbollah and Qud Forces, two groups labeled as terrorist organizations by Israel.

Richard Sanders, a digital forensics analyst, suggests that Russia's interest in Garantex's operations extends beyond mere criminal prosecution.

He expressed that:
“The intelligence value that can be obtained by the Russian government far outweighs their desire to prosecute criminals that by and large profit off of what the government considers to be unfriendly nations. Garantex has dark[net] markets and ransomware groups as top clients.”

Garantex Denies Involvement

Despite all the allegations and backlash, Garantex remained silent on its Russian operations, Fintech ties, suspected criminal links, and alleged Kremlin connections. However, the exchange stressed its pledge to prevent illegal financial dealings and vowed to take proactive steps to combat such activities.

The statement said:
“Not only do we stay away from facilitating criminal financial activities, but we also do our best to help prevent them, particularly by trying to initiate a revival of cross-border cooperation aimed at investigating and preventing illicit transactions.”

Garantex rejected allegations of ties to terrorist groups, calling them baseless and stemming from a misunderstanding of cryptocurrency transactions between Virtual Asset Service Providers (VASPs) in Gulf countries.

After sanctions were imposed, Garantex ended its partnership with Ukrainian crypto firms, leading to a significant drop in transaction volume to about one-third of its previous levels, according to Yevhenii Panchenko, head of Ukraine's Cyber Police Department. Despite this, Garantex still processes millions of dollars in transactions monthly.

While the outlook for safe cryptocurrency in Russia may seem bleak, it's essential to remain vigilant and take necessary precautions. Always prioritize high alert and ensure strict compliance with Russia's crypto regulations and laws to mitigate risks.