Cybercrime is a growing global threat, causing trillions of dollars in economic damage annually. This report explores how Eastern Europe and Russia have become a significant hub for cybercriminal activity, fueled by historical legacies, economic disparities, and state connections.

The study outlines the key drivers of cybercrime in Russia and neighboring countries, including the rise of ransomware, the exploitation of geopolitical ‘grey zones’, and the blurred lines between hackers and state-sponsored cyber operations.

One of the most significant shifts analyzed in the report is the impact of the Russia-Ukraine war on cybercrime. As the war escalated, cybercriminal groups split along national lines, with some hackers supporting Russian intelligence while Ukrainian cybercriminals turned their efforts against Russia, engaging in financial fraud and targeted attacks.

Ransomware has emerged as the most profitable form of cybercrime in the region, overtaking other criminal activities like credit card fraud and botnet operations. Russian-speaking cybercriminals dominate the global ransomware industry, with an estimated 75% of ransomware revenue going to actors linked to the Russian-language underground. Despite international sanctions and takedown efforts, ransomware gangs have adapted, operating like structured organizations with management teams and even physical offices.

The report also highlights how cryptocurrencies are fueling cybercrime and helping Russia evade financial sanctions. Stolen funds from cyberattacks are laundered through unregulated crypto exchanges, allowing criminals to move money across borders undetected. At the same time, shell companies and illicit financial networks are being used to bypass restrictions imposed by Western governments, creating new challenges for global financial security.

Finally, the study explores the deepening relationship between cybercriminals and the Russian state. While organized cybercrime networks have traditionally operated independently, there is growing evidence that Russian intelligence agencies are leveraging these networks for espionage, cyberwarfare, and political influence operations. Hackers are increasingly targeting critical infrastructure, stealing data from adversaries, and assisting the state in strategic cyber campaigns.

This analysis provides detailed insights into how cybercrime has evolved, the future risks, and key policy recommendations. Understanding the ecosystem behind cyber threats is crucial for global security as cyber threats continue escalating.