How this ransomware gang earns 150 million dollars? Richest hackers of 2020

A joint investigation by Advanced Intelligence and HYAS has detected 61 Bitcoin wallets allegedly linked to Ryuk ransomware trading groups, finding that transactions of this cryptocurrency circulate mainly in Huobi and Binance. Experts report that, when a ransomware victim pays the ransom, the transfer arrives at a broker that sends it to malware traders to finally go through a money laundering service or into the hands of criminal groups.

Experts mention that there are other significant cryptocurrency flows that lead to other addresses that handle smaller amounts associated with criminal services. According to the report, one of the largest cryptocurrency transactions was over $5 million (35 Bitcoin); however, this is not the highest amount that has been paid for a ransom to Ryuk traders.

Experts mention that, without considering their operating expenses, Ryuk operators made more than $ 150 million USD in profits during 2020.

La imagen tiene un atributo ALT vacío; su nombre de archivo es ryuk08012021.jpg

Although collecting money from these bailouts is a complex task, Ryuk’s operators have established a mechanism that allows them to manage millions of fraudulently obtained dollars despite the constant work of the authorities. An essential step for identifying criminals is during the conversion of cryptocurrency to cash or other variants of virtual assets, although Huobi and Binance might be more permissive to this process.

This variant of malware has been active for at least two years in which it already accumulates a long list of victims of all kinds. Over the past few months, this group of threat actors focused their efforts on engaging health service organizations, further complicated things in pandemic times.

Ryuk is characterized by rigidity of operators, as they do not usually negotiate ransom fees. It is difficult to know the volume of profits of these groups, as the cost of their trades is completely unknown.