Chainalysis: 64% of Ransomware Attackers Launder Proceeds via Crypto Exchanges

Published at: June 1, 2019

United States-based blockchain intelligence firm Chainalysis claims that 64% of ransomware attack cash-out strategies involve the laundering of funds via cryptocurrency exchanges. The data was revealed in a Chainalysis webinar attended by Cointelegraph on May 30.

A ransomware attack involves the infection of a target with malware and the demand of a ransom payment — frequently denominated in cryptocurrencies. The payment is demanded in return for the ostensible delivery of a decryptor tool that can help victims recover access to their data.

Chainalysis — which provides blockchain analytics tools that enable firms, governments and law enforcement to monitor blockchain transactions and track suspected illicit activities — claims that 64% of ransomware attackers launder their ill-gotten funds via crypto exchanges.

Chainalysis has ostensibly identified 38 exchanges — without disclosing their names — that directly received funds from an address associated with a ransomware attack.

Among other ransomware cash-out strategies analyzed, 12% involved mixing services and 6% involved peer-to-peer networks, while others went via merchant services providers or dark web marketplaces. 9% of ransomware proceeds reportedly remain unspent.

The analysis also noted that ransomware attacks typically involve less complex cash-out networks than crypto exchange hacks. Chainalysis argued that this is because a hack often involves a large amount of money leaving a known exchange, which attracts high media publicity and requires hackers to conceal the flow of funds more robustly.

By contrast, ransomware campaigns typically involve smaller discrete sums to multiple addresses and are ostensibly less publicized, thereby avoiding intense, immediate scrutiny.

In addition to cash-out strategies, Chainalysis also identified a shift in the ransomware threat landscape. Previous trends, according to the firm, had been to conduct wide and shallow attacks — infecting a large number of indeterminate victims and seeking small amounts as a ransom to decrypt files. Recent trends, however, indicate that criminals are shifting to targets with legally or politically sensitive data, as well as raising the amount of ransom payment demanded.

As recently reported, Coveware’s Q1 2019 Global Ransomware Marketplace report revealed that bitcoin (BTC) continues to account for the lion’s share — 98% — of crypto-denominated ransomware payments. The report, echoing Chainalysis’ claims, found that the average sum demanded had risen 89% from a median $6,733 in Q4 2018 to $12,762 in Q1 2019.
