Ryuk Gang Uses Binance and Huobi
Ryuk ransomware is one of the prominent threat groups targeting companies all over the world, with its main focus on healthcare services. The group uses the double-extortion strategy of stealing sensitive data before encrypting the target's systems. This helps it pressure victims into paying more effectively than a ransom note alone. Since leaking the stolen data damages the victim's image, victims are more likely to pay the ransom, and this method has worked to date. It is now estimated that the Ryuk ransomware group may have made over $150 million from this strategy.
This was reported by two security firms, Advanced Intelligence and HYAS, whose researchers tracked the Bitcoins flowing into the Ryuk group's wallets, which were then cashed out through legitimate platforms. Overall, the researchers identified about 65 wallets belonging to Ryuk ransomware.
They also explained that ransom payments made by victims weren't deposited directly into the Ryuk group's wallets, but went first into a broker's wallet and then to Ryuk's. These payments were then transferred to a Bitcoin mixer, a specialized service that masks transaction paths and makes it harder for observers to trace the sources.
Later, the intermediaries (Bitcoin mixers) would bring the funds into cryptocurrency exchanges through a well-crafted circuit, to cash out into fiat currencies. Researchers said the Ryuk group has been using two major exchanges, Binance and Huobi, to convert its ransom Bitcoins into the desired currencies. It's also said that Ryuk deposited its Bitcoins not just into popular exchanges, but also into small ones, in hefty amounts. One of the largest ransoms tracked to Ryuk's wallets was 365 Bitcoins, worth over $5 million.