Papua New Guinea Computer Emergency Response Team
February 11 2021

Understanding the Use of Cryptocurrency by Ransomware Operators

Alerts, News, Tips

Ransomware-as-a-Service (RaaS) has become a lucrative enterprise. According to research by Chainalysis, blockchain transactions prove that ransomware attacks are interconnected.

What does the research say?

The report connects the four major ransomware families of 2020: Egregor, SunCrypt, DoppelPaymer, and the now-defunct Maze. Blockchain analysis shows overlapping affiliates, along with other connections, between these four ransomware gangs.
  • Egregor came into prominence right after Maze shut down. Most of Maze's affiliates moved to Egregor, which has made some experts suspect that Maze has rebranded as Egregor. In addition, Maze and Egregor share similarities in code, ransom notes, and victim payment sites.
  • Evidence of a connection between a Maze RaaS affiliate and the SunCrypt RaaS has been found. The former had sent 9.55 Bitcoin to an address labeled "Suspected SunCrypt admin".
  • Similar relationships have been found between Egregor and DoppelPaymer. Egregor had sent approx. $850,000 to an alleged DoppelPaymer admin wallet.

What does this imply?

Although these connections do not suggest that the groups have a common admin, it is certain that there are affiliate overlaps. It has also been determined that Maze and Egregor use the same OTC brokers to convert cryptocurrency into cash.

More insights

  • Ransomware operators collected at least $350 million in ransom payments last year, and most of the funds move to cryptocurrency exchanges.
  • While only 199 deposit addresses receive 82% of the funds, a smaller group of 25 addresses receives 46%. Between August and December 2020, the smaller group received more than $63 million worth of Bitcoin.

The bottom line

These findings reveal a lot of interesting information about the ransomware landscape, including greater fluidity in the RaaS market. Experts believe that the interconnected landscape is a good thing for law enforcement, as the ransomware world is smaller than we are made to believe. Hence, it is expected that this would expedite the process of bringing down ransomware families.