Analysis of Ragnarok Ransomware Money Laundering Case Using DeFi Coin


Executive Summary

  • Analyze the bitcoin payment address of the Ragnarok ransomware
  • Ragnarok transfers bitcoin to renBTC, performs a coin swap, and finally withdraws to Binance and Huobi exchanges
  • Confirmation of 5 Bitcoin addresses used by Ragnarok ransomware to send renBTC and 2 Ethereum addresses used for coin swap

Detailed analysis

1. Abstract

  • Ragnarok ransomware negotiates with victims via email
  • Confirm payment address through the ransom notes email contact (2021–07–28)
  • Payment address : 1HQeCCR7Vhfm6PWEhWj3NuYcSNVuLDRb24
  • Price : 2.8 BTC
  • Contact mail :

Read more…