Researchers Track Funds in 61 Crypto Wallets
Researchers say cryptocurrency wallets used by the operators behind the Ryuk ransomware strain and the gang’s affiliates hold more than $150 million.
Brian Carter, principal researcher at security firm HYAS, and Vitali Kremez, CEO of Advanced Intelligence, report that they have identified 61 bitcoin addresses that the Ryuk cybercriminal gang and its affiliates use to receive ransomware payments from victims.
Two of the bitcoin exchanges the group uses for transferring funds are Asia-based Huobi and Binance, the researchers say in a new report. The group also uses lesser-known exchanges.
A January 2020 report by blockchain analysis firm Chainalysis found that the Huobi and Binance cryptocurrency exchanges are part of a shadow network that helps convert illegally obtained bitcoins and other virtual currencies into cash. These two exchanges also appear to circumvent anti-money laundering and “know your customer” rules (see: How Cybercriminals Are Converting Cryptocurrency to Cash).
“Ryuk receives a significant amount of their ransom payments from a well-known broker that makes payments on behalf of the ransomware victims,” the research report, released Thursday, notes. “These payments sometimes amount to millions of dollars and typically run in the hundreds of thousands range. After tracing bitcoin transactions for the known addresses attributable to Ryuk, the authors estimate that the criminal enterprise may be worth more than $150,000,000.”