Digital currencies have emerged as a favourite tool for hackers and cyber criminals, as digital currency transactions are nearly anonymous, allowing cyber criminals to use it in underground markets for illegal trading, and to receive thousands of dollars in ransomware attacks—WannaCry, Petya, LeakerLocker, Locky and Cerber to name a few.
Also, every other day we hear about some incidents of hacking of crypto currency exchange or digital wallets, in which hackers stole millions of dollars in Bitcoin or Ethereum.
It’s obvious that after ripping off hundreds of thousands of cryptocurrencies from exchanges, wallets and ransomware victims, cyber criminals would not hold them in just digital form—the next step is to cash them out into real-world money.
But how do they cash out without getting caught by law enforcement?
If you are unaware, there are some crypto currency exchanges involved in money laundering, who are illegally-operating to help hackers and cyber criminals easily cash out their digital currencies without identifying them, i.e. anonymously.
According to a recent research paper presented by three Google researchers, more than 95% of all Bitcoin payments collected from ransomware victims have been cashed out via a Russian cryptocurrency exchange, called BTC-e, since 2014.
„We uncover the cash-out points, tracking how the money exits the Bitcoin network, enabling the authorities to pick up the money trail using conventional financial tracing means,“ the trio researchers, Luca Invernizzi, Kylie McRoberts and Elie Bursztein said.
Key Points — Tracking Ransomware Payments
The researchers followed the step-by-step money trail and got a look at the evolving ecosystem of ransomware families, which already helped make cyber-thieves at least $25 Million in the last two years.
- Most Damaging Ransomware Families: According to the research, two families of ransomware strain helped hackers made most of the money — Locky and Cerber — while other variants are also starting to emerge.
- Criminals looted In Millions: Locky has been the overall biggest earner for hackers at $7.8 Million and was the first ransomware infection to earn above $1 million a month to date, while Cerber has made $6.9 million to date with consistently making more than $200,000 a month.
- Victim’s Favorite Places to Buy Bitcoins: Obviously, victims also need BTC to pay out criminals, and most victims choose LocalBitcoins, Bithumb, and CoinBase to buy BTC, where 90% victims pay in a single transaction.
- How Criminals Cash Out Cryptocurrency: According to the research, more than 95% of all Bitcoin payments for ransomware were cashed out via BTC-e, a service operational since 2011.
- Criminals Renting Out Botnets: Cybercriminal gangs behind Dridex, Locky and Cerber have taken Necurs botnet—army of compromised machines—on rent to distribute their ransomware infections on a massive scale.
Google conducted the research in collaboration with the researchers from New York University, University of California San Diego and blockchain analyst firm Chainalysis.
When talking about BTC-e, the cryptocurrency exchange is believed to have been involved in cashing out Bitcoins stolen from the once-very popular Japanese bitcoin exchange Mt. Gox, which was shut down in 2014 following a massive series of mysterious robberies.