- The target is infected with malware, followed by the demand for a ransom payment.
- The ransomware attacks are typically carried out via smaller discrete sums.
Chainalysis, a blockchain intelligence firm based in the US, recently revealed in a webinar that 64% of ransomware attacks involve the laundering of funds via cryptocurrency exchanges. During a ransomware attack, the target is infected with malware, followed by the demand for a ransom payment, mostly denominated in cryptocurrency. Subsequently, the attackers deliver a decryptor tool that can help victims recover access to their data. Chainalysis has allegedly identified 38 exchanges that directly received funds from an address associated with a ransomware attack. However, the firm did not disclose any of their names.
Of the other ransomware attacks, 12% involved mixing services and 6% peer-to-peer networks, while others went via merchant services providers or dark web marketplaces. 9% of ransomware proceeds reportedly remain unspent. The attacks typically involve less complex cash-out networks in comparison to crypto exchange hacks. To avoid an immediate audit, the ransomware attacks are usually carried out over smaller discrete sums to multiple addresses, which are ostensibly less publicized.
Chainalysis also noted a shift in the ransomware threat landscape. Recent trends indicate that criminals are switching to targets with legally or politically sensitive data, as well as raising the amount of ransom payment demanded, in comparison to previous trends where attackers targeted a large number of indeterminate victims and sought small amounts as a ransom to decrypt files.