Security experts estimate that the hackers behind Ryuk ransomware have earned more than $150 million from victims who hand over the Bitcoin ransom. In a joint report, threat analysis company Advanced Intelligence and cybersecurity firm HYAS wrote that they tracked 61 Bitcoin wallets attributed to Ryuk ransomware. They found that the criminals sent most of the crypto to an exchange through an intermediary to cash out.
When a victim's money is transferred to a broker, the broker passes it to the Ryuk operators, who send most of it into laundering services. It then enters exchanges, where it is either cashed out or spent on criminal expenses.
Instead of choosing obscure crypto exchanges, the criminals used well-established names, such as the Asia-based Binance and Huobi. Both require proof of identification before anyone can send fiat currencies to a bank, although the ransomware gangs are probably using fake IDs.
“In addition to Huobi and Binance, which are large and well-established exchanges, there are significant flows of cryptocurrency to a collection of addresses that are too small to be an established exchange and probably represent a crime service that exchanges the cryptocurrency for local currency or another digital currency,” write the researchers.
Ransom payments from Ryuk victims are usually in the hundreds of thousands of dollars, but some victims end up paying millions. Local governments are a common target for the operators; both Jackson County and Key Biscayne were hit by Ryuk, which remains the most lucrative variant of ransomware.