Categories: News

The Ryuk ransomware operators made $150m in crypto

The researchers assume that the operators of the Ryuk ransomware managed to make more than $150m, in cryptocurrency. The security specialists studied the flaw of Bitcoin to the ransomware operators.

The AdvIntel company, together with the Hyas vendor came with a report which analyzed “61 crypto addresses attributed to Ryuk ransomware.”

The choice of the Ryuk operators

So, according to the researchers, the group sent most of the crypto it collected to Huobi and Binance. These are exchanges based in Asia, which could keep them away from the authorities, according to the authors of the analysis.

According to the research, “Huobi and Binance are interesting choices because they claim to comply with international financial laws.” Still, “they are willing to participate in legal requests”, but their structure “wouldn’t obligate them to comply.”

Also, according to the analysis, Huobi and Binance are Chinese companies. Still, they moved their business to more friendly to cryptocurrency exchanges” countries.

In order to build trust, both exchanges demand identity documents in order to allow crypto currencies exchange and transfers to banks. Still, “it isn’t clear if the documents they accept are scrutinized in any meaningful way.”

Also, the researchers managed to see “significant flows of cryptocurrency to a collection of addresses that are too small to be an established exchange.” So, their conclusion was that these might be “a crime service that exchanges cryptocurrency for local currency or another digital currency.”

Researchers managed to discover that the Ryuk authors asked their victims to pay the ransomware to a well-known broker. Then, the broker sends money to the hackers. Thus, the group receives “hundreds of thousands of dollars.”

No chat. Only two email addresses

The attackers used two email addresses on the free encrypted mail platform ProtonMail, in order to communicate with their victims.

But they chose the most valuable targets using a precursor malware, in order to assess their solvency. Thus, the experts consider that the attackers behind Ryuk act as a business.

So, they recommend organizations first of all to defend against the precursor malware, such as Emotet or Zloader. In order to do this, they should use multi-factor authentication. Also, they should avoid Microsoft Office macros in their environments.

Laurentiu Titei

Recent Posts

What Is an RPMSG File and How to Open It in Windows

“My client sent me an RPMSG file as an email attachment, but I can’t open…

5 hours ago

How to Fix File Explorer Not Opening Windows 11

Is the File Explorer not opening? Understandably, this must be frustrating, especially if finding files,…

23 hours ago

Universal USB Joystick Driver Download for Windows 11 & 10

If you wish to download and update the USB Joystick driver for Windows 10/11, you…

1 day ago

How to Debloat Windows 11 for Better Performance

Do you find certain background processes and AI tools disruptive in Windows 11? Do you…

2 days ago

How to Fix Dolby Atmos Not Working in Windows 11 and 10

Dolby Atmos technology’s best quality and incredibly detailed sound make the action on your screen…

3 days ago

Fastest Browsers for Windows 11,10,8,7 in 2026

Time is money. Every second you wait for the browser to load pages, you could…

4 days ago