Ransomware attacks were the most observed security incidents in 2020. Multiple attacks and new ransomware variants were reported. Recently, a series of Ryuk ransomware attacks targeted multiple hospitals in the U.S. Cybercriminals compromised critical network systems across six hospitals in a single day. Joint research from threat intelligence company Advanced Intelligence (AdvIntel) and security firm HYAS claimed that the Ryuk ransomware operators earned more than $150 million worth of Bitcoins from ransom payments after their cyber intrusions globally. Research found that the payments to 61 Bitcoin addresses were attributed and linked to Ryuk ransomware attacks.
The companies stated that ransomware operators transferred their ransom payments to money laundering services, distributed in hacking forums, or cashed out in cryptocurrency exchanges.
“Ryuk receives a significant amount of their ransom payments from a well-known broker that makes payments on behalf of the ransomware victims. These payments sometimes amount to millions of dollars and typically run in the hundreds of thousands range,” AdvIntel and HYAS said in a statement.
Ryuk’s Bitcoin Circuit
AdvIntel and HYAS claimed that Ryuk operators converted their Bitcoins into currency by using fake accounts on two cryptocurrency portals – Binance and Huobi. One of the largest transactions involving a Ryuk wallet found during this investigation was above $5 million (365 Bitcoins).
“In addition to Huobi and Binance, which are large and well-established exchanges, there are significant flows of crypto currency to a collection of addresses that are too small to be an established exchange and probably represent a crime service that exchanges the cryptocurrency for local currency or another digital currency,” AdvIntel and HYAS added.
Ryuk ransomware has been active for two years targeting various organizations globally, focused mostly on the health care sector. The ransomware operators succeeded in economic terms and made their disruptive impact on many industries.