After tracking wallet transactions for a while, researchers at Advanced Intelligence and HYAS have estimated that the Ryuk ransomware group has collected at least $150 million in ransom payments to date. They also detailed that the threat group is using two famous crypto exchanges to cash out the Bitcoin it has earned.

Ryuk Gang Uses Binance and Huobi

Ryuk ransomware is one of the prominent threat groups targeting companies all over the world, with a main focus on healthcare services. The group uses the double-extortion strategy of stealing sensitive data before encrypting the target’s systems.

This gives the group more leverage over victims than a ransom note alone. Since leaking the stolen data damages the victim’s image, victims are more likely to pay the ransom, and this method has worked to date. It is now estimated that the Ryuk ransomware group may have made over $150 million from this strategy.

This was reported by two security firms, Advanced Intelligence and HYAS, whose researchers tracked the Bitcoin flowing into the Ryuk group’s wallets, which was then cashed out through legitimate platforms. Overall, the researchers identified about 65 wallets belonging to Ryuk ransomware.

Ryuk Money Flow

They also explained that ransom payments made by victims are not deposited directly into the Ryuk group’s wallets; they first arrive in a broker’s wallet and are then passed on to Ryuk’s. These payments are then transferred to a Bitcoin mixer, a specialized service that masks transaction paths and makes it harder for anyone following the funds to determine their source.

Later, the intermediaries (Bitcoin mixers) move the funds through a well-crafted circuit into cryptocurrency exchanges, where they are cashed out into fiat currencies. Researchers said the Ryuk group has been using two major exchanges, Binance and Huobi, to convert its ransom Bitcoin into the desired currencies.

It is also said that Ryuk deposited its Bitcoin not just into popular exchanges but also into smaller ones, in hefty amounts. One of the largest ransoms tracked to Ryuk’s wallets is 365 Bitcoins, worth over $5 million.


