"Ransomware Hackers Launder Bitcoin Through Just a Handful of Locations, Researchers Find"
Cybercrime investigators suggest that the growing trend of increasingly large ransomware cash demands and attack frequency is the result of a specialized black market economy, not the work of a large number of criminals. This specialized black market economy is said to consist of hackers with various skill-sets that collaborate with each other to commit cybercrimes. Any profits gained from these crimes are split among the collaborating hackers. It seems that most of the black market economy is made up of a relatively small number of attack groups. These groups operate under a malware-as-a-service business model, taking a significant piece of the profits and relying on money laundering schemes to conceal the paths they have taken. Researchers have looked at this activity via the blockchain, which is a decentralized distributed ledger where cryptocurrency transactions are processed and finalized. Ransomware victims typically use bitcoin to pay attackers to unlock their systems and decrypt their data. These transactions are recorded on the blockchain. Chainalaysis analyzed bitcoin deposit addresses tied to attack groups to learn more about hackers' financial relationships and how they move illicit money. The company found that over $340 million in bitcoin has traveled through known ransomware wallets. Ransomware attackers have been observed moving most of their funds to cryptocurrency exchanges and mixers in which cryptocurrency from different sources are blended to hide its origin. This article continues to discuss findings surrounding the ransomware industry regarding how attack groups operate, collaborate, and move stolen funds, in addition to the financial impact that ransomware attacks have had on US organizations.