Ryuk Ransomware Operators Have Earned Over $150 Million
Cybersecurity researchers from Advanced Intelligence and HYAS have calculated that the operators behind the Ryuk ransomware have amassed over $150,000,000 in Bitcoin. This estimate is based on monitoring 61 Bitcoin addresses linked to Ryuk-related attacks.
According to analysts, “Most of the Ryuk ransom payments are received from a well-known broker who makes payments on behalf of ransomware victims. These payments can sometimes reach millions of dollars, but more often are in the hundreds of thousands.”
After the ransoms are collected in hacker-controlled accounts, the funds are transferred to specialized money laundering services. From there, the money is either funneled back into the black market to pay for other criminal services or cashed out through cryptocurrency exchanges. Interestingly, analysts note that Ryuk operators are not shy about using major, well-known exchanges like Binance and Huobi (using stolen identities) to convert cryptocurrency into fiat money, even though criminals typically prefer less prominent exchanges for such operations.
Recent Ryuk Activity and FBI Data
The report also includes recent data on Ryuk’s operations. In February 2020, FBI representatives spoke at a cybersecurity conference in South Africa, stating that Ryuk was undoubtedly the most profitable ransomware on the market. According to the FBI, from February 2018 to October 2019 alone, Ryuk operators “earned” $61,260,000.
Now, analysts from Advanced Intelligence and HYAS estimate the group’s total earnings at $150,000,000, confirming that Ryuk remains the most lucrative ransomware operation. For example, one of the largest Ryuk transactions discovered during the investigation was over $5,000,000 (365 bitcoins), and this was not even the highest ransom demanded by the attackers.
- Chatex — a top cryptocurrency exchange on Telegram!
Check out our other channels and partners!