In 2020, cryptocurrency is still part of the Wild West, as cryptocurrency stolen in hacks and ransomware attacks continues to be exchanged on major exchanges around the world. Ransomware attacks have proven to be a lucrative cash cow for cybercriminals in recent years, with the US FBI putting the value of bitcoin stolen between October 2013 and November 2019 at over $144 million.

An FBI press conference in February revealed the huge amount that victims, desperate to regain access to their infected systems and data, paid in ransom to attackers. Interestingly, the attackers received most of the ransom in Bitcoin (BTC). Researchers recently took a sample of 63 ransomware-related transactions, worth about $5.7 million in stolen money, and found that over $1 million in bitcoin was spent on Binance after passing through a series of transactions across various wallet addresses.

Hackers and various cybercriminal groups use a number of notorious forms of ransomware. Cybersecurity company Kaspersky noted a sharp increase in the number of attacks of this type targeting large companies in July and identified two specific malicious threats: VHD and Hakuna MATA.

These specific threats pale in comparison to the amount of cryptocurrency stolen using mainstream malware like the Ryuk ransomware. Here is why Ryuk has been the preferred attack method, and what can be done to prevent and deter attackers from cashing in their illegal profits on the major exchange platforms.

Troy at the city gates: Ryuk
The new threats mentioned in Kaspersky's July report do not have the same reputation as the Ryuk ransomware. Towards the end of 2019, Kaspersky Lab released a new report highlighting the situation in municipalities and cities that had been victims of ransomware attacks. The company identified Ryuk as the preferred vehicle for attacks against larger organizations, with government and local government institutions as its primary targets in 2019.

Ryuk debuted in the second half of 2018 and caused havoc, spreading across computer networks and systems around the world. Named after the famous character Ryuk from the Death Note manga, the malware is a clever nod to the Angel of Death, who amuses himself by sending the Death Note into the human world, allowing whoever finds the notebook to kill anyone simply by knowing their name and appearance. …

The malware usually follows a two-step approach that allows attackers to scan the network first. This usually starts with a large number of devices receiving emails containing a document that users might accidentally download. The attachment contains the malicious Emotet Trojan bot, which is activated when the file is downloaded.

In the second phase of the attack, the Emotet bot contacts its servers to install additional malware known as Trickbot. This is software that allows an attacker to investigate the network.

If attackers find they have landed in the proverbial honey pot, that is, in the network of a large company or a government or municipal institution, the Ryuk ransomware is spread to different nodes of the network. This is the component that actually encrypts the system files and holds the data for ransom. Ryuk encrypts local files on individual computers and files transferred over the network.

In addition, Kaspersky explained that Ryuk can also force other computers on the network to switch on if they are in sleep mode, spreading the malware across more nodes. Generally, files on sleeping computers on the network are not available, but if the Ryuk malware can wake up those computers, it will encrypt files on those devices as well.
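The wake-up behaviour described above relies on Wake-on-LAN "magic packets", so a single host waking many distinct machines in a short time is worth an alert. The detection sketch below is an added example, not code from Kaspersky or the original article; the function names, the 60-second window, the threshold of five targets and the sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict

SYNC = b"\xff" * 6  # a magic packet starts with six 0xFF bytes

def magic_packet_target(payload: bytes):
    """Return the MAC a Wake-on-LAN magic packet targets, or None."""
    start = payload.find(SYNC)
    while start != -1:
        mac = payload[start + 6:start + 12]
        # After the sync bytes the target MAC is repeated 16 times (96 bytes).
        if len(mac) == 6 and payload[start + 6:start + 102] == mac * 16:
            return ":".join(f"{b:02x}" for b in mac)
        start = payload.find(SYNC, start + 1)
    return None

def wake_sweeps(packets, window=60.0, threshold=5):
    """packets: (timestamp, src_ip, udp_payload) tuples in time order.
    Returns {src_ip: [macs]} for sources that woke `threshold` or more
    distinct machines within `window` seconds (both values are assumptions)."""
    recent = defaultdict(list)  # src_ip -> [(timestamp, mac)] inside the window
    flagged = defaultdict(set)
    for ts, src, payload in packets:
        mac = magic_packet_target(payload)
        if mac is None:
            continue  # not a wake-up request
        recent[src] = [(t, m) for t, m in recent[src] if ts - t <= window]
        recent[src].append((ts, mac))
        targets = {m for _, m in recent[src]}
        if len(targets) >= threshold:
            flagged[src] |= targets
    return {src: sorted(macs) for src, macs in flagged.items()}

def sample_magic(mac_text):
    """Build the payload of a constructed sample packet for the demo below."""
    return SYNC + bytes.fromhex(mac_text.replace(":", "")) * 16

# Constructed traffic: one host wakes six machines in six seconds, an admin
# workstation wakes a single machine, and one packet is unrelated UDP data.
SAMPLE = [(float(i), "10.0.0.23", sample_magic(f"02:00:00:00:00:{i:02x}"))
          for i in range(6)]
SAMPLE += [(2.5, "10.0.0.5", sample_magic("02:00:00:00:00:aa")),
           (3.0, "10.0.0.23", b"ordinary UDP payload")]
SAMPLE.sort(key=lambda pkt: pkt[0])

if __name__ == "__main__":
    for src, macs in wake_sweeps(SAMPLE).items():
        print(f"ALERT {src} woke {len(macs)} machines: {', '.join(macs)}")
```

A legitimate management server that wakes machines on a schedule will also trip this rule, so in practice its address belongs on an allow list.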

There are two main reasons why hackers try to attack state or municipal computer networks. First, many of these systems are covered by insurance, which increases the likelihood of receiving cash payments. Second, these larger networks are inherently linked to other larger networks, which can lead to a far-reaching knock-on effect. Systems and data that operate on completely different partitions can be affected, requiring quick fixes, often leading to attacks.

Counteracting the exchange of funds on the largest exchanges
The end goal of these ransomware attacks is very simple: demand a large sum, usually in cryptocurrency. Bitcoin has been the preferred payment option for attackers. Using a well-known cryptocurrency as the preferred payment method has unintended consequences for attackers, as the transparency of the bitcoin blockchain means that these transactions can be tracked at the micro and macro levels.

Source: CoinTelegraph