Operators of Ryuk, one of the world’s most popular ransomware variants, have extorted more than $150 million from victims.
This is according to a report published by cybersecurity firms Advanced Intelligence and HYAS, which claims that a total of 61 Bitcoin addresses associated with Ryuk operators have been identified.
“Ryuk receives a significant amount of their ransom payments from a well-known broker that makes payments on behalf of the ransomware victims,” the report reads. “These payments sometimes amount to millions of dollars and typically run in the hundreds of thousands range.”
Cashing out, however, isn’t that easy, as selling cryptocurrencies on exchanges has become more difficult thanks to AML (anti-money laundering) and KYC (know your customer) legislation.
Criminals are known to use smaller exchanges to sell cryptocurrencies, some of which have weaker KYC enforcement. Ryuk operators, on the other hand,have allegedly used two of the world’s most popular cryptocurrency exchanges: Binance and Huobi. Researchers say they most likely used stolen identities to pass KYC tests.
Even though Ryuk is considered the most lucrative ransomware, it’s far from being the only strain out there. REvil, Maze, and Egregor have also been very active, targeting hundreds of companies.