Chainalysis, a blockchain investigations firm, published a new report today that confirms that the cybercrime groups who perpetrate ransomware attacks are interconnected. According to Chainalysis’s findings, threat actor groups often switch ransomware suppliers (ransomware-as-a-service, or RaaS, providers) in search of better profits, which connects APT groups in a web of cybercrime. The firm investigated how Bitcoin funds were transferred from victims to criminal groups, looking for answers as to how the money is eventually laundered after being divided among the different parties involved in the initial attack.
Chainalysis stresses that RaaS operators prefer to work with small groups of “verified” clients, who then spread the ransomware through email or through operations in which corporate or government networks are breached and infected. The report provides indisputable cryptographic proof that the malicious groups are connected. For example, evidence found by Chainalysis suggests that an affiliate or client of the Maze RaaS was also involved with SunCrypt.
Read More: Blockchain transactions confirm murky and interconnected ransomware scene