How cybercrime launders ransom money following a ransomware attack:

Sophisticated criminal ecosystem

In recent years, cybercrime has transformed into a sophisticated criminal ecosystem built around highly successful money laundering strategies that make it possible to erase the traces of the money obtained through ransom payments from ransomware victims.

After collecting the ransom, ransomware criminals must launder the money so as not to leave traces for the investigators who are hunting them. They also have to convert illicit money into legal money in order to spend it. To avoid detection, cyber criminals have continually improved their techniques.

Ransomware operators rely on cryptocurrencies and other payment systems that are more difficult to trace. Bitcoin is the cryptocurrency of choice in ransomware attacks due to several factors, including its accessibility, liquidity, and ease of acquisition. Attackers prefer to make a ransom demand in Bitcoin because Bitcoin wallets do not require personally identifiable information. Furthermore, Bitcoin transactions are always final: they cannot be revoked, as credit card payments can.

However, although Bitcoin transactions can be carried out incognito, they are not anonymous. Law enforcement can trace payments to their destination, since the value of each transaction and the address of each Bitcoin wallet are both publicly available in the Bitcoin public ledger (the blockchain). Furthermore, even if the identity of the owner of a wallet is hidden, when you want to convert Bitcoin into fiat money on an exchange, you must reveal your identity.

Laundering with the mixing technique

To increase anonymity, attackers often use mixing services, which redistribute Bitcoins from different sources across multiple addresses to hide the original source of the funds and prevent analysis of transactions.

Wasabi is a wallet that offers a mixing service through CoinJoin mixer technology, whose function is to make it more difficult to link cryptocurrency transactions to specific users. CoinJoin combines a hundred different transactions into one, making the tracking process very difficult, if not impossible.

With the CoinJoin mixer, numerous transactions are mixed together, redirected through a very intricate network, and sent to different wallets. This deception promotes bitcoin laundering, or at least allows it to evade detection. The protocol also implements Cryptographic Blinding, a cryptographic technique for hiding the content of a message, which further increases privacy. The mixing process does not cost much: the commission is 0.3%. The Wasabi wallet only accepts Bitcoin, and the minimum suggested amount is 0.01 Bitcoin per transaction.

Wasabi is a desktop-only wallet that is compatible with Windows, Linux and Mac and can be downloaded online. The download also includes the Tor browser, the most used browser on the Dark Web. The Tor browser guarantees that connections are totally private, hiding the IP address.

Therefore, by combining the privacy of Tor with the CoinJoin mixer and Cryptographic Blinding, the Wasabi wallet presents itself as the most complete and suitable tool for those who want to preserve their privacy. Furthermore, Wasabi is easy to use, and is designed to provide privacy automatically by default.

Convert Bitcoin to Monero

Another technique, called jump chains, is one where criminals exchange Bitcoin for another cryptocurrency such as Monero (XMR), a cryptocurrency that many attackers prefer due to its anonymity. Monero is able to carry out transactions that leave no traces in order to hide the origin of the funds, so that neither the sender nor the beneficiary can be identified and traced.

However, exchanging Bitcoin for Monero means going through an exchange which, in compliance with the law, asks for the user's identity data. In this regard, there is an exchange that claims not to require any type of prior data registration to make an instant exchange from Bitcoin to Monero. This is stealthex.io which, through its online interface, claims to be able to make the exchange on the spot, or to be able to sell cryptocurrencies in exchange for fiat money to be credited to a credit card.

How to track ransom money with new technologies

The investigators don't stand by and watch. They have refined technologies that scan the blockchain for the wallets in which the victims' payments are accumulated and the wallets into which the funds are subsequently transferred. By means of machine learning with file scanning, it is possible to link various types of ransomware to specific bitcoin wallets.

It is not easy to identify these movements because criminals use the mixing system, but as always the most delicate point is at the end of the chain, when the criminals want to collect the money. In this regard, investigators have discovered that criminals tend to empty wallets in favor of a single wallet, called an accumulation wallet. This accumulation wallet is used to cash out up to 1 million dollars in a few weeks. Once the accumulation wallet has been discovered, investigators move on to examine all the movements that have converged there in order to connect the ransom payments.
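The accumulation-wallet heuristic described above can be sketched as a fan-in search over a transfer graph. This is an added example, not code from the original article or from any investigative tool; the transfers and address labels are constructed placeholders, and it assumes the hops between wallets are directly traceable (no mixing).

```python
from collections import defaultdict, deque

# Constructed sample data: (source address, destination address, amount in BTC).
# Address labels are placeholders, not real Bitcoin addresses.
TRANSFERS = [
    ("victim_A", "ransom_1", 2.0),
    ("victim_B", "ransom_2", 1.5),
    ("victim_C", "ransom_3", 3.0),
    ("ransom_1", "hop_1a", 2.0),
    ("hop_1a", "accum_X", 2.0),
    ("ransom_2", "accum_X", 1.5),
    ("ransom_3", "hop_3a", 3.0),
    ("hop_3a", "hop_3b", 3.0),
    ("hop_3b", "accum_X", 3.0),
    ("accum_X", "cashout_1", 6.5),
    ("victim_D", "ransom_4", 1.0),
    ("ransom_4", "other_Y", 1.0),
]
RANSOM_ADDRESSES = ["ransom_1", "ransom_2", "ransom_3", "ransom_4"]


def trace_forward(transfers, start):
    """Breadth-first walk of outgoing transfers; returns {address: hops from start}."""
    graph = defaultdict(list)
    for src, dst, _amount in transfers:
        graph[src].append(dst)
    hops = {start: 0}
    queue = deque([start])
    while queue:
        addr = queue.popleft()
        for nxt in graph[addr]:
            if nxt not in hops:          # guards against cycles
                hops[nxt] = hops[addr] + 1
                queue.append(nxt)
    del hops[start]
    return hops


def find_accumulation_wallets(transfers, ransom_addresses, min_sources=2):
    """Rank addresses by how many distinct ransom addresses feed them."""
    sources = defaultdict(dict)          # address -> {ransom address: hops}
    for ransom in ransom_addresses:
        for addr, hops in trace_forward(transfers, ransom).items():
            sources[addr][ransom] = hops
    hits = [(a, s) for a, s in sources.items() if len(s) >= min_sources]
    # Most converging sources first; ties go to the earliest convergence point.
    hits.sort(key=lambda h: (-len(h[1]), sum(h[1].values())))
    return [(addr, sorted(s)) for addr, s in hits]
```

The first entry returned is the earliest address where the most ransom flows converge, together with the ransom addresses that feed it, which is the set of payments an investigator would then connect.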

In conclusion, we have seen that in recent years ransom has become one of the most profitable assets of cyber criminals. Companies should make their employees and collaborators aware that they should not click on unknown emails and should back up their data much more often, if we do not want ransomware, which is already a multi-billion dollar industry, to grow even further.
