Sagar

Digital wallets overflowing with ransom payments

Digital wallets overflowing

Jan 13 2021

One ransomware gang, Ryuk, is gauged to have obtained over US$150 million (A$194 million) through its criminal extortion activities, researchers estimate.

Cybersecurity firm HYAS principal researcher Brian Carter teamed up with the chief executive of Advanced Intelligence, Vitali Kremez to track the payment to Ryuk.

During the investigation, Bitcoin transactions worth millions of dollars were found while tracing payments to Ryuk through 61 Bitcoin deposit addresses.

Ryuk is acknowledged to use two cryptocurrency exchanges, Seychelles-based Huobi with offices in Asian countries, and Binance, which is thought to be located in the Cayman Islands.

Ryuk receives victim payments in Bitcoin via a broker, making it harder to follow the money trail.

After ransom payouts are received from the broker, Ryuk directs the Bitcoin funds to cryptocurrency laundering services, which trade it for agreement money at Huobi and Binance.

Whereas Huobi and Binance profess to fulfill international anti-money laundering laws, Carter and Kremez observed that the exchanges are planned "in a way that probably would not obligate them to comply with financial regulation".

Huobi and Binance need identity documents from clients wanting to trade cryptocurrency for agreement money or to make capital transfers to banks.

Carter and Kremez said that it's not clear, whether, that the identity documents are scrutinized in any telling way to know your customer (KYC) regulatory necessities.

Blockchain forensics organization Chainalysis esteemed that Huobi and Binance stirred more than half of the US$2.8 billion in illicit Bitcoin transactions which were able to identify in 2019.

Bitcoin is the preferred cryptocurrency for Ryuk's huge ransom demands, which can run into the millions per victim.

The exchange rate for 1 Bitcoin is at present A$52,228, as the cryptocurrency appreciated abruptly last year, from less than A$15,000 at the opening of 2020.

Ransomware has become an exponential money-spinning business.

Security seller McAfee tracked another ransomware gang, Netwalker, between the timeframe of March 1 and July 27, 2020, and found a total of 2795 Bitcoin being transferred to the criminals in that period.

That amounts to approximately A$146 million, at today's exchange rate.

Ransomware criminals have become increasingly ruthless as well, aiming a wide range of organizations including public service agencies, health care, and large enterprises, by employing tactics of exfiltrating sensitive data to reinforce their extortion demands.

Ryuk itself has garnered a repute of being uncompromising with their demands, and unwilling to negotiate with victims, showing no compassion for them, Carter and Kremez said.

Emotet, Zloader, Qakbot, and Trickbot are the names of malware dropper to gain initial access to networks and move laterally inside these to disable defenses and detection system, by these ransomware criminals.

Carter and Kremez suggested workers limit Microsoft Office macro execution, keep remote access updated, and allow two-factor authentication to counter the early attacks by ransomware criminals.

Usage of remote access tools like Citrix and Microsoft Remote Desktop Protocol applications is particularly risky, and their use should be restricted to an explicit set of internet protocol addresses only.