Home / Archive / Ransomware Crooks Cashed Out $16 Million from Defunct Bitcoin Exchange: Google Research
3 min read

Ransomware Crooks Cashed Out $16 Million from Defunct Bitcoin Exchange: Google Research

Last Updated March 4, 2021 2:45 PM
Justin OConnell
Last Updated March 4, 2021 2:45 PM

By CCN.com: In the two years leading up to 2018, a spate of ransomware attacks were analyzed in a report by a team of researchers hailing mostly from leading U.S. universities and Google. Results showed a conservative estimate of total funds stolen to be $16 million, with bitcoin providing a way for malicious actors to take payment from anywhere in the world.

The first quarter of 2019 has perhaps seen these types of attacks become more frequent and severe. Citing cases involving Ryuk, a notorious family of ransomware, the amounts demanded to be paid have reportedly increased by 90%  since the end of last year. This marks an average ransom of $12,762 as compared to $6,733 in Q4 of 2018 .

A threat to businesses and local authorities

Numerous attacks were carried out in April on U.S. based targets. The city of Greenville, North Carolina is still dealing with the fallout  from a RobinHood ransomware infection; on April 13, Imperial County, California was struck by Ryuk ransomware  causing some city systems to cease working; the very same day Stuart, Florida was hit by Ryuk,  also, forcing a temporary shutdown of payroll, utilities, and other important functions.

Other attacks targeted infrastructure in Augusta, Maine  as well as the Cleveland Hopkins International airport, which suffered outages of flight and baggage information that took up to a week to resolve . For private enterprise it is often easier to pay up rather than suffer the costs of downtime typically 10x the amount of the actual ransom  but this would be highly problematic for local authorities who cannot be seen to incentivize these types of attacks.

Ransomware, bitcoin
Ransomware has proved a thorn for businesses and public services alike. | Source: Shutterstock

The usual suspects

Rogue hackers hailing from North Korea, Iran, and Russia are leading suspects for many ransomware attacks. Ryuk is seen as a scheme led by a group or groups of Russians which would explain the focus on U.S. municipalities and enterprises: a joint-report in February 2019 by cybersecurity companies McAfee and Coveware  states that attackers from post-Soviet states seem to express an underlying view of “the capitalistic West versus the poor East”.

Meanwhile, another family of ransomware, Cerber, was found to have probably stolen around $2.5 million from South Korean victims. Ryuk was at first mistakenly reported  to be the work of North Koreans.

Since the fall of BTC-e, a Russian-based exchange which authorities say was used to launder ill-gotten gains from ransomware, its successor WEX has also suffered closure amid claims that Iranian hackers used the exchange to clean $6 million worth of bitcoin. This is a game of cat and mouse that looks set to continue.

PayPal gains patent to fight ransomware

One positive note from among the chaos is the news of PayPal securing a patent on a technique for preventing and stopping ransomware infections. Hoping to provide the means for detecting the onset of an attack, its software seeks to back-up user data when it finds a third-party program is trying to encrypt files.

PayPal would do well to make virtual currencies safer to use; the payment processing giant has also been researching faster payments with crypto and will seek a secure means of implementing the technology.