In cursory: Offense doesn't pay, so the saying goes, though the operators behind the Ryuk ransomware would probably disagree. Security researchers believe that criminals have gained more than $150 million from victims who paw over the Bitcoin ransom.

Threat intelligence visitor Advanced Intelligence and cybersecurity firm HYAS in a joint written report wrote that they tracked 61 Bitcoin wallets attributed to Ryuk ransomware. They discovered that criminals transport most of the crypto to an exchange via an intermediary to cash out.

Once a victim's coin is paid to a broker, they send it to the Ryuk operators who move most through laundering services. It then reaches exchanges where information technology is either cashed out or used on criminal enterprises.

Rather than preferring obscure crypto exchanges, the criminals utilise well-established names, such as the Asia-based Binance and Huobi. Both require proof of identity before someone can transfer fiat currencies to a bank, though the ransomware gangs are probable using fake IDs.

"In addition to Huobi and Binance, which are big and well-established exchanges, in that location are significant flows of crypto currency to a collection of addresses that are as well small-scale to be an established exchange and probably represent a law-breaking service that exchanges the cryptocurrency for local currency or some other digital currency," write the researchers.

Ryuk payments are usually in the hundreds of thousands of dollars range, though some victims stop up paying millions. Local governments are a pop target for the operators; Jackson Canton and Cardinal Biscayne were both hit by Ryuk, which remains the well-nigh profitable variant of ransomware.