"Researchers Estimate Ryuk Ransomware Operations to Be Worth $150 Million"
Researchers from HYAS and Advanced Inteligence LLC looked at transactions for known Bitcoin addresses associated with Ryuk ransomware and have concluded that the Ryuk ransomware criminal enterprise is worth more than $150,000,000. Ryuk ransomware was first seen in the wild in 2018 and is operated by Russian cybercriminals. Ryuk has become one of the most prevalent malware families, being used in various high-profile attacks, such as targeting the Pennsylvania-based UHS and Alabama hospital chain DCH Health System. The researchers believe that Ryuk is operated by the same cybercriminals behind the TrickBot Trojan. The researchers traced 61 deposit addresses associated with the ransomware and found that most of the funds were sent to exchanges through intermediaries for cash out. The cybercriminals appear to be primarily using the Asian crypto-exchanges Huobi and Binance. Additionally, the researchers found that Ryuk operators are sending “significant flows of cryptocurrency” to several small addresses that the researchers believe is a crime service that exchanges the cryptocurrency for local currency or another digital currency.
SecurityWeek reports: "Researchers Estimate Ryuk Ransomware Operations to Be Worth $150 Million"