Ryuk Rakes in $150M in Ransom Payments
Quote: The Ryuk ransomware has earned its operators an estimated $150 million, according to an examination of the malware’s money-laundering operations.
 
Joint research released this week from Brian Carter, principal researcher at HYAS, and Vitali Kremez, CEO at Advanced Intelligence, took a look under the Ryuk hood concerning the business operations of the group. The two were able to trace payments involving 61 Bitcoin deposit addresses attributed to the Ryuk ransomware.
 
“The Ryuk criminals send a majority of their Bitcoin to exchanges through an intermediary to cash out,” the researchers explained. This “well-known broker” essentially collects Bitcoin payments from ransomware victims and then exchanges them for fiat currency – traditional paper money – for the Ryuk gang.
 
“These payments sometimes amount to millions of dollars and typically run in the hundreds of thousands range,” the researchers said. “After tracing Bitcoin transactions for the known addresses attributable to Ryuk, the authors estimate that the criminal enterprise may be worth more than $150 million.”
 
In terms of the exchanges used for this process, the researchers traced the cash-outs to large, legitimate exchanges Huobi and Binance, both of which are located in Asia. Carter and Kremez said that the exchanges’ business practices allow users to maintain some level of anonymity.
 
“Huobi and Binance are interesting choices because they claim to comply with international financial laws and are willing to participate in legal requests, but are also structured in a way that probably wouldn’t obligate them to comply,” the researchers said. They added, “both exchanges require identity documents in order to exchange cryptocurrencies for fiat currency or to make transfers to banks, however it isn’t clear if the documents they accept are scrutinized in any meaningful way.”
 
Aside from the two legitimate exchanges, Carter and Kremez’ examination also uncovered large pools of cryptocurrency being cashed out using a collection of addresses that do not appear to be linked to established exchanges. These “probably represent a crime service that exchanges the cryptocurrency for local currency or another digital currency,” researchers noted.

Read more: https://threatpost.com/ryuk-150m-ransom-...ts/162905/