A report published today by blockchain investigations firm Chainalysis confirms that cybercrime groups engaging in ransomware attacks don't operate in their own bubbles but often switch ransomware suppliers (RaaS services) in a search for better profits.
The report analyzed how Bitcoin funds were transferred from victims to criminal groups, how the money was divided among the different parties involved in a ransomware attack, and how it was eventually laundered.
But to understand these dynamics, a short intro into the current ransomware scene is needed. Today, the ransomware landscape is very similar to how modern businesses operate.
There are coders who create and rent the actual ransomware strain via services called RaaS -- or Ransomware-as-a-Service -- similar to how most modern software is provided today.
Some RaaS operators rent their ransomware to anyone who signs up, while others prefer to work with small groups of verified clients, which are usually called "affiliates."
The affiliates are usually the ones who spread the ransomware via email or orchestrate intrusions into corporate or government networks, which they later infect and encrypt with the ransomware they rented from the RaaS operator.
In some cases, the affiliates themselves consist of multiple groups. Some specialize in breaching a company's network perimeter and are called initial access vendors, while others specialize in expanding this initial access inside hacked networks to maximize the ransomware's damage.
All in all, the ransomware landscape has evolved from previous years and is now a collection of multiple criminal groups, each providing its own highly-specialized service to one another, often across different RaaS providers.
The Chainalysis report released today confirms these informal theories with undisputable and unforgeable cryptographic proof left behind by the Bitcoin transactions that have taken place among some of these groups.
For example, based on the graph below, Chainalysis said it found evidence to suggest that an affiliate for the now-defunct Maze RaaS was also involved with SunCrypt RaaS.
"We see that the Maze affiliate also sent funds -- roughly 9.55 Bitcoin worth over $90,000 -- via an intermediary wallet to an address labeled 'Suspected SunCrypt admin,' which we've identified as part of a wallet that has consolidated funds related to a few different SunCrypt attacks," Chainalysis said.
"This suggests that the Maze affiliate is also an affiliate for SunCrypt, or possibly involved with SunCrypt in another way."
Similar findings also show a connection between the Egregor and DoppelPaymer operations.
"In this case, we see that an Egregor wallet sent roughly 78.9 BTC worth approximately $850,000 to a suspected Doppelpaymer administrator wallet," researchers said.
"Though we can't know for sure, we believe that this is another example of affiliate overlap. Our hypothesis is that the Egregor-labeled wallet is an affiliate for both strains sending funds to the Doppelpaymer administrators."
And last but not least, Chainalysis researchers also found evidence that the operators of the Maze and Egregor operations also used the same money-laundering service and over-the-counter brokers to convert stolen funds into fiat currency.
Since several security firms have suggested that the Egregor RaaS is a rebrand and continuation of the older and defunct Maze operation, such findings come to support these theories, showing how old Maze tactics permeated to the new Egregor operation.
"Interesting report and very much aligns with what we are seeing," Allan Liska, a security researcher with threat intel firm Recorded Future, told ZDNet.
"Recorded Future is seeing more fluidity in the RaaS market now than at any other time in the (admittedly short) history of the RaaS market.
"Part of this is because of the reality that there is a growing stratification between the haves and have nots in ransomware. There are fewer actors making a lot of money, so ransomware actors are jumping from one RaaS to another to improve their chances of success," the Recorded Future analyst said.
Furthermore, Liska says the connections and overlaps extend to other RaaS groups, and not just Maze, SunCrypt, and Egregor.
The Recorded Future analyst pointed to the Sodinokibi (aka REvil) RaaS operation as being one of the services where many groups overlap, primarily because the Sodinokibi administrator, an individual going by the name of Unknown, has often actively and openly recruited affiliates from other RaaS programs.
But while we might view these connections and overlaps as a sign of successful cooperation between cybercrime groups, Chainalysis believes that this interconnectedness is actually a good sign for law enforcement.
"The evidence suggests that the ransomware world is smaller than one may initially think given the number of unique strains currently operating," Chainalysis said.
This, in theory, should make cracking down and disrupting ransomware attacks a much easier task since a carefully planned blow could impact multiple groups and RaaS providers at the same time.
According to Chainalysis, these weak spots are the money-laundering and over-the-counter services that RaaS operators and their affiliates often use to convert their stolen funds into legitimate currency.
By taking out legitimate avenues for converting funds and reaching real-world profitability, Chainalysis believes RaaS operations would have a hard time seeing a reason to operate when they can't profit from their work.
Read more from the original source:
Blockchain transactions confirm murky and interconnected ransomware scene - ZDNet