Ukrainian law enforcement officials arrested three people who were involved in laundering money for ransomware gangs. The cryptocurrency exchange Binance assisted the police investigation in identifying the people responsible. The group had been operating in Ukraine’s Poltava region since 2018; it laundered money for ransomware groups and also spread ransomware itself. The arrests took place in June, but a joint press release describing the details of the arrests was just made public. This was the first arrest resulting from the work of the Bulletproof Exchanger Project, an internal Binance investigation of criminal activity. Bulletproof Exchanger was created to identify hubs of malicious activity within the cryptocurrency realm, track down the operators, and work with authorities to shut them down. Binance began researching these exchanges and building a database of various signals and data sets such as user data, DNS records, open-source intelligence feeds, law enforcement requests, and blockchain analytics. After the database was created, Binance turned to TRM Labs, a blockchain analysis firm, to help identify patterns in the transactions. After analyzing the data, TRM and Binance identified clear indications that this group had laundered over $42 million USD worth of bitcoin associated with ransomware operations. They notified the National Police of Ukraine, which opened its own investigation.
Analyst Notes
The Bulletproof Exchanger Project started by Binance has high hopes of slowing down many ransomware operators, who will need to continue to find new ways to launder their money. The project is expected to continue as ransomware continues to rise and infect many companies each week. Companies need to be willing to work with law enforcement to shut down criminal networks like these. In this case, the arrests happened very quickly after the group was identified, but in some cases the process could take years. Whether investigations are quick or take an extended period of time, targeting the money seems to be one of the most effective ways to combat ransomware.
More can be read here: https://www.zdnet.com/article/ukraine-arrests-gang-who-ran-20-crypto-exchanges-and-laundered-money-for-ransomware-gangs/
The press release from Binance can be found here: https://www.binance.com/en/blog/421499824684900882/The-Bulletproof-Exchanger-Project-How-Binance-Helped-Take-Down-a-Cybercriminal-Group-Laundering-$42M