Study Reveals Conti Affiliates Money Laundering Practices – Source: www.govinfosecurity.com

Cryptocurrency Fraud
,
Fraud Management & Cybercrime
,
Ransomware

Affiliates Relied on Less Complex, Trackable Methods, It Says

Akshaya Asokan (asokan_akshaya) •
September 28, 2023    

Contrary to the popular notion that ransomware hackers are sophisticated launderers of their stolen money, research shows they use straightforward mechanisms to transfer their bitcoin – allowing researchers to follow their money trail.

See Also: Live Webinar | Cyber Resilience: Recovering from a Ransomware Attack

In a study examining data leaked during the May 2022 collapse of the Conti ransomware as a service group, a researcher at the Catholic University of the Sacred Heart at Milan, analyzed 182 Bitcoin addresses belonging to 56 Conti affiliates. Most often, Conti administrators merely deposited earnings, leaving affiliates to figure out ways to launder their earnings.

The affiliated moved a majority all the illicit proceeds, writes doctoral candidate Mirko Nazzari, in a single, direct transaction rather than breaking them down into multiple transactions over time. “This habit is highly insecure because it does not add any obfuscation layers between the illicit proceeds and their criminal origin.”

Only a sliver – 8% – transacted with a crypto mixer, a service that pools potentially tainted funds and randomly distributes them to destination wallets in a bid to make tracing stolen cryptocurrency hard or impossible.

The more money a Conti affiliate received from ransomware, the more likely the hacker was to use a mixer, Nazzari says. Approximately a quarter of wallets that received more than $1,000 in payment did use a mixer, while nearly 40% used a dark web service.

Affiliates didn’t entirely ignore operational security practices, Nazzari found. Nearly all of the addresses receiving initial payment were “non-custodial,” meaning that affiliates didn’t rely on a crypto exchange to hold the money, preferring to hold on to the wallets’ private keys. Still, exchanges were the most common destination for the initial payment.

“Despite the dominant narrative, not all members of cybercriminal networks are high-skilled,” the report says. “This lack of expertise seems to extend also to their knowledge of money laundering practices.”

Although law enforcement agencies have successfully identified and sanctioned Conti members, mainly by following the money through cryptocurrency wallet tracking.

Nazzari says the governments must ensure that crypto platforms enforce anti-money laundering and know your customer regulations. Law enforcement can subpoena these services and obtain key offenders’ information, such as personal bank accounts, e-mail addresses, phone numbers and even IP addresses.