The Cryptocurrency Forensics Solution to OFAC’s $11.5 Billion Ransomware Conundrum

Figure 1: The International Economics of RaaS (Ransomware as a Service) by Industry. FireEye Mandiant, 2020

Cryptocurrency Forensics: A More Modern Approach

Figure 2: Average dwell time of ransomware bitcoin wallets: Locky, WannaCry and Ryuk.
Figure 3: Transaction In/Outflow of Ransomware Variants
Figure 4: In/Outflow Transactions — Ryuk (Hackers Active on UTC 14:00–23:00. Probably European.)
Figure 5: In/Outflow Transactions — Locky (Hackers active UTC 8:00–18:00. Probably European.)
Figure 6: In/Outflow Transactions — WannaCry (Hackers active UTC 9:00–16:00. Probably Russian.)
Figure 7: Heatmap of International Ryuk Ransomware Victims. Kaspersky, 2019
Figure 8: AI-powered Auto-trace of Ransomware Funds Flowing to Exchange

The Evolving Face of Ransomware

The diverse profiles of 3 ransomware families

Closing Remarks

  1. Utilization of cryptocurrency forensics as a powerful tool for hacker attribution.
  2. Preventive forensics, blocking ransomware payments to sanctioned individuals.
  3. AI/ML-powered intelligence empowering OFAC-compliant AML/CFT, enabling ransomware payments when possible.
  4. Comprehensive policy, education, and tech solutions to reduce long-term incidence of ransomware attacks.






Blockchain data analytics firm providing security, risk, and compliance solutions.