Russian Darknet Markets, Ransomware Thrive Despite Sanctions

• The report from TRM Labs reveals that Russian darknet markets, ransomware groups, and crypto exchanges have continued to operate despite Western sanctions.
• Cybercrime organizations were full of Russian-speaking members and Russian-language darknet markets (DNMs) dominated the global drugs trade in cryptocurrency before the Russia-Ukraine conflict.
• Despite efforts by governments and law enforcement agencies to shut them down, Russian DNMs have filled the gap left by Hydra, Garantex has doubled its trading volumes, and Conti is still operating under a different name.

Russian Darknet Markets Thrive Despite Sanctions

A report from blockchain intelligence firm TRM Labs has revealed that Russian marketplaces on the dark web have continued to operate despite Western sanctions and efforts to shut them down. Cybercrime organizations with a large number of Russian-speaking members used cryptocurrency to dominate the global drugs trade prior to the Russia-Ukraine conflict. However, these entities have managed to remain active in spite of government action against them.

Before Ukraine War

Before Russia invaded Ukraine a year ago, cryptocurrency exchanges linked to the two countries accounted for over half of international illicit crypto funds. At this time, numerous cybercrime organizations were full of Russian-speaking members and Russian-language darknet markets (DNMs) dominated the global drugs trade in cryptocurrency.

Trying To Limit Opportunities To Bypass Restrictions

The West has been trying to limit Moscow’s opportunities for using cryptocurrencies as a means of bypassing restrictions due to the war between both countries. German authorities seized servers from Hydra – the largest darknet market – while U.S Treasury Department imposed sanctions on Hydra and Garantex – a Russia-based crypto exchange accused of processing $100 million worth of illicit transactions including $6 million from Conti ransomware group and $2.6 million from Hydra itself.

Continued Activity In Illicit Crypto Ecosystem

Despite these measures taken against them, TRM Labs discovered that these entities still thrive in spite of disruption caused by financial, political and logistical factors related to this “first crypto war” between nations. Garantex continues to operate with more than double its trading volumes compared with 2022 while new Russian DNMs have quickly filled up gaps left behind by Hydra’s dismantling with sales surpassing those during first four months of last year. Furthermore, Conti ransomware group which officially shut down in May has gone through rebranding process but is still operating via smaller groups at present day.


The findings from TRM Labs clearly indicate that cybercriminals are rapidly adapting their strategies when it comes evading sanctions imposed against them while continuing their activities on illicit platforms dealing with cryptocurrencies.. It remains uncertain how long they will be able to keep up this trend given potential new regulations being proposed across Europe regarding digital assets but one thing is certain – current methods implemented so far haven’t been successful enough yet in curbing criminal activities within blockchain space..