Security researchers believe that its operators Ryuk ransomware have earned more than $ 150 million in Bitcoin, from the ransom they demand from their victims. The gang has targeted a large number of companies around the world.
In one joint report, the companies security Intel Advanced Intelligence and HYAS, reported that they have detected payments at 61 Bitcoin addresses, which have previously been linked to Ryuk attacks ransomware.
"The Ryuk gang receives a significant ransom from a well-known broker who makes payments on behalf of ransomware victims", Reported the researchers of the two companies. "These payments sometimes amount to millions of dollars, averaging a few hundred thousand".
AdvIntel and HYAS say the funds Ryuk ransomware operators are earning from blackmail, are concentrated in accounts, transferred to services money laundering and then either used for other criminal services or redeemed for real cryptocurrency exchange services.
However, what he did εντύπωση to researchers, is that The Ryuk ransomware gang uses two very popular ones exchange services to convert Bitcoin into real fiat currency. These services are Binance and Huobi. Most criminal gangs use lesser known exchange services. Researchers speculate that hackers use stolen IDs for Binance and Huobi transactions.
In February 2020, FBI officials spoke about Ryuk ransomware at the conference security RSA. Then, the agency had said that the Ryuk gang was the most lucrative ransomware gang (by a large margin from the rest), having acquired more than $ 61,26 million in ransom between February 2018 and October 2019. These estimates were based on complaints received by the FBI Internet Crime Complaint Victim Center.
The current report states that profits have reached at least $ 150 million, which shows that Ryuk has maintained his position at the top, at least for now.
Last year, there were other ransomware gangs, like the REvil, Maze and Egregor, which were very active and managed to infect hundreds of companies around the world. However, there are no relevant reports indicating the total profits of these groups.
One such report came from the security company McAfee in August 2020, which reported that its operators Netwalker ransomware had acquired about $ 25 million between March and August 2020.