(BlockBar) Chainalysis, the United States-based blockchain intelligence firm, has reportedly claimed that 64% of ransomware attack cash-out strategies involve the laundering of funds via cryptocurrency exchanges. To be noted, a ransomware attack involves the infection of a target with malware and the demand of a ransom payment and it is frequently denominated in cryptocurrencies. The payment is demanded in return for the “apparent” delivery of a decryptor tool that can help victims recover access to their data.
Chainalysis provides blockchain analytics tools that enable and equips firms, law enforcement and governments to monitor blockchain transactions and track suspected illicit activities. Chainalysis has identified 38 exchanges that directly received funds from an address associated with a ransomware attack. It has not disclosed their names though.
Among other ransomware cash-out strategies analyzed, 6% involved peer-to-peer networks, and 12% involved mixing services. Some of the others went via merchant services providers or dark web marketplaces. To be noted 9% of ransomware proceeds reportedly remain unspent.
The analysis also observed that ransomware attacks typically involve less complex cash-out networks. According to Chainalysis, this is because a hack often involves a large amount of money leaving a known exchange.
But in contrast to this, ransomware campaigns usually involve smaller and discrete sums to multiple addresses which are apparently less publicized. This helps in avoiding intense and immediate scrutiny.
It is worth considering that Chainalysis also identified a shift in the ransomware threat landscape other than the cash-out strategies. According to the firm, previous trends, had been to conduct wide and shallow attacks which is infecting a large amount of indeterminate victims and seeking small amounts as a ransom to decrypt files. But the recent trends indicate that criminals are shifting to targets with legally or politically sensitive data, along with raising the amount of ransom payment demanded.
In a recent report Coveware’s Q1 2019 Global Ransomware Marketplace has revealed that bitcoin (BTC) continues to account for the lion’s share, which is 98% of crypto-denominated ransomware payments. The report has also found that the average sum demanded had risen 89% from a median $6,733 in Q4 2018 to $12,762 in Q1 2019.