In brief: Crime doesn’t pay, so the saying goes, though the operators behind the Ryuk ransomware would probably disagree. Security researchers think that crooks have gotten more than $150 million from victims who turn over the Bitcoin ransom.
In a joint report, threat intelligence business Advanced Intelligence and cybersecurity firm HYAS wrote that they tracked 61 Bitcoin wallets attributed to Ryuk ransomware. They found that the criminals send the majority of the crypto to an exchange via an intermediary to cash out.
Once a victim’s money is paid to a broker, the broker sends it to the Ryuk operators, who move most of it through laundering services. It then reaches exchanges, where it is either cashed out or spent on criminal enterprises.
Rather than choosing unknown crypto exchanges, the criminals use well-established names, such as the Asia-based Binance and Huobi. Both require proof of identity before somebody can move fiat currencies to a bank, though the ransomware gangs are most likely using phony IDs.
“In addition to Huobi and Binance, which are big and reputable exchanges, there are significant flows of crypto currency to a collection of addresses that are too small to be a recognized exchange and probably represent a crime service that exchanges the cryptocurrency for local currency or another digital currency,” write the researchers.
Ryuk payments are usually in the hundreds of thousands of dollars range, though some victims wind up paying millions. Local governments are a popular target for the operators; Jackson County and Key Biscayne were both struck by Ryuk, which remains the most profitable ransomware variant.