Kaspersky investigation unit boss Ruslan Stoyanov says a Russian cyber scum group of just 20 professional hackers has made a tidy $790 million in three years by emptying the world's bank accounts.

Stoyanov says some $509 million is thought to have been ripped from the wallets of individuals and businesses in the US and across the European Union since 2012. The remainder was plundered within former Soviet Union states.

In the same time, police have arrested more than 160 Russian cybercriminals from small to large criminal gangs who are accused of stealing cash using trojans.

Stoyanov says the figures are based on crime data and are therefore likely to be very conservative.

"This estimate is based both on the analysis of public information about the arrests of people suspected of committing financial cybercrime in the period between 2012 and 2015 and on Kaspersky Lab’s own data," Stoyanov says.

"Of course, this figure only includes confirmed losses, the details of which were obtained by law enforcement authorities during the investigation. In reality, cybercriminals could have stolen a much larger amount."

Stoyanov says the Russian underground has recruited more than a thousand members since 2012.

Yet only 20 in the Russian cybercrime scene are thought to be top-flight professional hackers who are regulars on underground forums.

Kaspersky Lab has a lot of data on those individuals and says it knows of five major cybercrime groups that are right now ripping cash from consumers. Here's what the white-hat Russians have to say about the situation:

"We can calculate fairly precisely the number of people who make up the core structure of an active criminal group: the organisers, the money flow managers involved in withdrawing money from compromised accounts and the professional hackers. Across the cybercriminal underground, there are only around 20 of these core professionals. They are regular visitors of underground forums, and Kaspersky Lab experts have collected a considerable amount of information that suggests that these 20 people play leading roles in criminal activities that involve the online theft of money and information."

The crime gangs have skill sets that mirror legit tech shops, including web designers, programmers, and BOFHs, along with "cryptors" who obfuscate malware in ways that help it to evade security software.

System admins perform "near-identical tasks to their counterparts in legitimate businesses," Stoyanov says, building and maintaining IT infrastructure.

"Cybercriminal system administrators configure management servers, buy abuse-resistant hosting for servers, ensure the availability of tools for anonymous connection to the servers (VPN) and resolve other technical challenges, including the interaction with remote system administrators hired to perform small tasks," he says.

Employees can be paid as freelancers or permanent staff, and are recruited through forums or in brazen public advertisements that often target underprivileged techs in areas like war-torn Ukraine.

Stoyanov says small groups will buy crime kit like exploit kits and traffic services, while large criminal outfits with a dozen or more heads will do it themselves and target businesses, not just individuals.

"To a certain extent, the structure reflects that of an ordinary, average-sized company engaged in software development," he says of the larger groups.

Kaspersky has investigated more than 300 online financial attacks since 2013. ®