Data related to the money laundering activities were provided by the cryptocurrency exchange portal Binance, who tracked the group as FancyCat, the funds resulted from the operations of Clop and Petya ransomware.
The funds were laundered investing in multiple forms of cybercrimes.
Binance investigated the transactions associated with the threat actors with the help of blockchain analysis firms TRM Labs and Crystal (BitFury).
The experts shared their findings with the law enforcement that arrested six members of the Clop/FancyCat group.
“More recently Binance Security has been taking part in an international investigation with Ukraine Cyber Police, Cyber Bureau of Korean National Police Agency, US Law Enforcement, Spanish Civil Guard, and Swiss Federal Office of Police, among others, in apprehending a prolific cybercriminal ring. The group — also known as FANCYCAT — has been running multiple criminal activities: distributing cyber attacks; operating a high-risk exchanger; and laundering money from dark web operations and high-profile cyber attacks such as Cl0p and Petya ransomware.” reads the post published by Binance. “In all, FANCYCAT is responsible for over $500M worth of damages in connection with ransomware and millions more from other cybercrimes.”
According to Binance, the six individuals were not part of the core of the Clop ransomware gang, instead, they were only marginally involved in the financial activities of the group, for this reason, the operations are still active.
A few days after the operations conducted by the authorities, the ransomware gang made the headlines again by releasing the data stolen from new victims.
“We applied the two-pronged approach to the FANCYCAT investigation: our AML detection and analytics program detected suspicious activity on Binance.com and expanded the suspect cluster. Once we mapped out the complete suspect network, we worked with private sector chain analytics companies TRM Labs and Crystal (BitFury) to analyze on-chain activity and gain a better understanding of this group and its attribution.” concludes the report. “Based on our analysis we found that this specific group was not only associated with laundering Cl0p attack funds, but also with Petya and other illegally-sourced funds. This led to the identification and eventual arrest of FANCYCAT.”
Early this year Binance released a study on our first Bulletproof Exchanger Project that focused on anti-ransomware initiative. The project also involved the Ukraine Cyber Police and lead to the arrest of a major cybercriminal group laundering over $42M of illicit funds.
(SecurityAffairs – hacking, ransomware)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.