Security research presented at the Black Hat USA 2017 conference on Thursday showed that Bitcoin asset trading platform BTC-e was responsible for cashing out more than 95% of all ransomware payments made for last 4 years.
The project, named “Tracking Ransomware End to End” analyzed 34 ransomware families based on a total of 301,588 ransomware binaries stored on VirusTotal website.
Security experts created scripts that analyzed each ransomware binary, extracted Bitcoin wallet addresses, and passed the data to Chainalysis researchers who then tracked if Bitcoin moved through those wallets, and where it went.
In 2016 monthly ransomware payments exceeded $1 million per month, and even surpassed $2 million. This huge growth can be attributed to two main ransomware families – Locky and Cerber, both of them appeared in 2016.
According to Google’s research, the Locky operators earned around $7.8 million, while the Cerber cyber crooks made $6.9 million.
The Bitcoin ransomware earnings were easily converted into real-world currency using BTC-e trading platform. The research showed that BTC-e is responsible for cashing out 95% of all the Bitcoin ransom payments.
On Wednesday Greek police arrested BTC-e’s owner Alexander Vinnik based on an international warrant issued by U.S. officials. The U.S. Department of Justice accused BTC-e’s owner of assisting ransomware operators to cash out ransom payments, but also accused him of laundering Bitcoins stolen from hacked Bitcoin trading platforms, including Mt. Gox, Bitcoinica, Bitfloor, and others. U.S. authorities believe that BTC-e trading platform helped launder over $4 billion in illegal funds.