Security News > 2021 > January > Ryuk Rakes in $150M in Ransom Payments

Joint research released this week from Brian Carter, principal researcher at HYAS, and Vitali Kremez, CEO at Advanced Intelligence, took a the look under the Ryuk hood concerning the business operations of the group.

The two were able to trace payments involving 61 Bitcoin deposit addresses attributed to the Ryuk ransomware.

"The Ryuk criminals send a majority of their Bitcoin to exchanges through an intermediary to cash out," the researchers explained.

This "Well-known broker" essentially collects Bitcoin payments from ransomware victims and then exchanges them for fiat currency - traditional paper money - for the Ryuk gang.

"Ryuk doesn't currently use a web-based chat like many other ransomware operations do," the researchers noted, which has allowed them some limited visibility into how the Ryuk operators interact with their victims.

"Sometimes the victims will attempt to negotiate with Ryuk and their significant offers are denied with a one-word response. Ryuk did not respond or acknowledge one organization that claimed to be involved in poverty relief and lacked the means to pay."

News URL

https://threatpost.com/ryuk-150m-ransom-payments/162905/