The Ryuk ransomware has earned its operators an estimated $150 million, according to an examination of the malware s money-laundering operations. The researchers traced the cash-outs to large, legitimate exchanges Huobi and Binance, both of which are located in Asia. The analysis also found that Ryuk operators typically use two unique Protonmail addresses for each victim in order to communicate with their victims. An effective defense should involve developing countermeasures that will prevent the initial infection.
Source: https://threatpost.com/ryuk-150m-ransom-payments/162905/