Ryuk’s Bitcoin ransoms end up on Binance and Huobi, report

The hacking crew behind the prolific Ryuk ransomware has reportedly bagged $150 million worth of Bitcoin in the past three years.

A joint report by cybersecurity firms Advanced Intelligence and HYAS also found Ryuk ransoms are ending up on major crypto exchanges Binance and Huobi.

Ryuk infected networks powering dozens of US schools, hospitals, and government offices last year — even the City of New Orleans, which spent $3 million to recover systems after an employee was phished by a malicious email.

Update on ransomware attacks against state and local governments for 2020:
1. 134 *publicly reported* attacks, compared to 111 for 2019.
2. Top 3 states: TX, CA, and NC
3. Top 3 variants: Ryuk, DoppelPaymer, REvil
4. 53 of those attacks were against school systems. pic.twitter.com/pgSvO4asRZ

— Allan “Ransomware Sommelier🍷” Liska (@uuallan) January 5, 2021

Exactly how the hackers bypassed Binance and Huobi’s supposedly strict KYC/AML procedures isn’t clear, however the researchers simply suggested they’ve used fake identities.

Protos has reached out to Binance and Huobi for comment, and we’ll update this piece should we hear back.