Law enforcement agencies in Ukraine, South Korea, the U.S., Spain and Switzerland have arrested suspected members of a crypto-linked cybercrime group believed to be responsible for laundering more than US$500 million from ransomware attacks, according to a statement released by Binance today.
- The group, known as Fancycat, is thought to have been involved in ransomware attacks such as Cl0p and Petya, and in laundering money involving dark web activity, said Binance, which worked with law enforcement agencies on the case.
- Blockchain analysis showed a network of suspected money launderers inside macro virtual asset exchanges depositing and withdrawing funds between one another to launder them, the statement said. Binance said it had worked with blockchain analytics companies TRM Labs and Crystal (BitFury) through its anti-money laundering and analytics program to identify Fancycat.
- Ransomware attacks involving cryptocurrencies have attracted attention recently, thanks to high-profile attacks such as the one on Colonial Pipeline in May, which led to fuel shortages in several U.S. states. In its annual economic report published this week, the Bank for International Settlements wrote that cryptocurrencies “in many cases are used to facilitate money laundering, ransomware attacks and other financial crimes.”
- Ransomware victims paid out more than US$406 million worth of cryptocurrency in 2020, an increase of over 300% from the year before, blockchain analysis company Chainalysis said in its Ransomware 2021: Critical Mid-year Update report. “Ransomware attackers move most of the funds taken from their victims to mainstream exchanges, high-risk exchanges [those with loose or non-existent compliance standards], and mixers,” the report said.
- Chainalysis also found that ransom payments have been growing, and an increasing share of ransomware funds going to illicit third-party providers. “Russian-affiliated cybercriminals were the year’s biggest financial beneficiaries of cryptocurrency-based crime,” the report said.