Cybersecurity researchers from Advanced Intelligence and HYAS have calculated that Ryuk malware operators earned more than $150 million in bitcoin.
This conclusion is based on an investigation of 61 bitcoin addresses believed to be associated with Ryuk attacks. While the Bitcoin blockchain is a public ledger that anyone can view, the owners of the addresses associated with payments are not necessarily known, unless the person using them is disclosed in some way through a legal request or because the user has deliberately linked their identity to one of their bitcoin addresses.
As a result, the funds from the ransoms are collected in accounts held by the hackers, then transferred to special money laundering services, and then either sent back to the black market and used there to pay for other criminal services, or cashed out on cryptocurrency exchanges.
Moreover, analysts note one oddity: to convert cryptocurrency into fiat, Ryuk operators do not hesitate to use such large and well-known exchanges as Binance and Huobi (with the help of stolen identities), although criminals usually prefer lesser-known exchanges for such operations.
Let me remind you that Ryuk ransomware attacks hospitals even during a pandemic.
The report also contains the latest data on Ryuk’s operations. For example, in February 2020, representatives of the FBI spoke at an information security conference in South Africa, where they stated that Ryuk is by far the most profitable ransomware on the market.
According to the FBI, in the period from February 2018 to October 2019, ransomware operators earned $61,260,000.
Advanced Intelligence and HYAS analysts put the group's income even higher, at $150 million, so Ryuk is still a leader among ransomware families. For example, one of the largest Ryuk transactions discovered during this investigation was more than $5,000,000 (365 bitcoins), and this is far from the highest ransom set by the attackers.