Use of Crypto Mining Pools to Launder Ransom Funds Grows 100,000% Over 5 Years

Stu Sjouwerman | Jun 29, 2023

crypto mining ransom fundsNew analysis shows sources of cryptocurrency being placed into mining pools with huge deposits that make it easier for cybercriminals to make their ransom funds untraceable.

One of the core concepts of a blockchain is that every transaction is documented within the blockchain itself. So, it makes sense that we’d all think that even if ransomware threat actors receive their ransom in some form of cryptocurrency, the funds would be traceable, and potentially law enforcement officials would be able to tie the crypto addresses to someone in the real world.

But new data from blockchain analysis firm Chainalysis shows that over the past 5 years, the amount of crypto from known ransomware addresses sent to crypto mining pools has skyrocketed. Anytime crypto is sent to a service, it’s mixed in with all other submitted funds, making it impossible to track where funds leaving the pool originally came from.

In essence, crypto services like mining pools are laundering ransomware gangs’ money.

According to the data, the amount of money in crypto placed into these mining pools was as little as $10,000 back in Q1 of 2018 and has grown to over $10 million in Q1 of this year (the yellow line in the graph below). That’s literally 1,000 times larger, or 100,000% growth over 5 years!

chart-1-ransomware-destinations-1536x879

Source: Chainalysis

What this means for the average organization is that ransomware gangs have found a sufficient means to “clean” their funds and avoid being traced when they take their funds out.

In short, ransomware is still profitable.

With phishing still topping the list of initial attack vectors for ransomware, it’s critical that your security controls around email (which should include Security Awareness Training for your employees) is robust and effective in stopping malware-based, malwareless, and social engineering attacks coming in via email.

Test Your Network’s Defenses with our Free Ransomware Simulator

When employees bypass guidance and fall for social engineering, your network security is the last line of defense. Run our 100% harmless RanSim tool on Windows 10+ workstations to safely simulate 25 ransomware and cryptomining infection scenarios, pinpoint technical vulnerabilities, and get your results in minutes.

Launch Your Free Ransomware Simulation

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.