A ransomware attack involves the infection of a target with malware and the demand of a ransom payment — frequently denominated in cryptocurrencies. The payment is demanded in return for the ostensible delivery of a decryptor tool that can help victims recover access to their data.
United States-based blockchain intelligence firm Chainalysis claims that 64% of ransomware attack cash-out strategies involve the laundering of funds via cryptocurrency exchanges. The data was revealed in a Chainalysis webinar attended by Cointelegraph on May 30.
Chainalysis — which provides blockchain analytics tools that enable firms, governments and law enforcement to monitor blockchain transactions and track suspected illicit activities — claims that 64% of ransomware attackers launder their ill-gotten funds via crypto exchanges.
Chainalysis has ostensibly identified 38 exchanges — without disclosing their names — that directly received funds from an address associated with a ransomware attack.
Among other ransomware cash-out strategies analyzed, 12% involved mixing services and 6% involved peer-to-peer networks, while others went via merchant services providers or dark web marketplaces. 9% of ransomware proceeds reportedly remain unspent.
The analysis also noted that ransomware attacks typically involve less complex cash-out networks as compared with crypto exchange hacks. Chainalysis argued that this is because a hack often involves a large amount of money leaving a known exchange, often attracting high media publicity, and requiring that hackers conceal the flow of funds more robustly.
By contrast, ransomware campaigns typically involve smaller discrete sums to multiple addresses and are ostensibly less publicized, thereby avoiding intense, immediate scrutiny.
In addition to cash-out strategies, Chainalysis also identified a shift in the ransomware threat landscape. Previous trends, according to the firm, had been to conduct wide and shallow attacks — infecting a large amount of indeterminate victims and seeking small amounts as a ransom to decrypt files. Recent trends, however, indicate that criminals are shifting to targets with legally or politically sensitive data, as well as raising the amount of ransom payment demanded.
As recently reported, Coveware’s Q1 2019 Global Ransomware Marketplace report revealed that bitcoin (BTC) continues to account for the lion’s share — 98% — of crypto-denominated ransomware payments. The report, echoing Chainalysis’ claims, found that the average sum demanded had risen 89% from a median $6,733 in Q4 2018 to $12,762 in Q1 2019.