21 Apr Partners in crime: Ransomware and Cryptocurrency
The dangers of crypto and malicious activity
The surge of cryptocurrency demand in tandem with ransomware isn’t coincidental. The two are intertwined as a vehicle of criminal operation for their “versatility.” Regardless of a target’s demographic, their currency can be translated to a form of cryptocurrency – typically Bitcoin (or BTC). BTC and crypto is also widely popular on dark markets among hacker gangs, making it the “go-to” for these illicit activities. More to the point, it escapes traditional tracking methods, which helps cloak an attacker’s behavior further.
Indeed, it’s ideal for virtual criminals implementing ransomware, demanding returns of several hundred dollars to millions, depending on the target. Higher value targets that can’t afford to lose system access (critical infrastructure) typically pay. Anyone is a target too, from large businesses to even school networks; as long as money can be made, ransomware gangs and threat actors are looking for victims. And once again, their preferred payout method is cryptocurrency.
The agility at which criminals can be paid and “move” that money is astonishing, too. Millions of BTC and crypto can transfer in seconds, jumping around the world without any tracking or regulatory catches. Therefore, it not only encourages the use of ransomware attacks on the promise of a high payout, but crypto, since crypto guarantees pay in a near-immediate fashion. BTC has addressed no real-world issues with traditional currency, but absolutely solved puzzles for criminals looking to acquire and store their gains. In other words, crypto is perfect for money laundering.
All cost, no risk
Both ransomware and cryptocurrency work well together for their low-risk characteristics. Many ransomware gangs are based in different parts of the world, like Russia, where repercussions are nonexistent. If an American network/company is targeted in some capacity, it can’t track or retaliate in a meaningful way leading to the catch of the malicious parties. After all, it took a joint effort at the request of the US to finally dissolve REvil, a notorious Russia-based ransomware gang.
Therefore, there’s more than enough reason to pursue both ransomware tactics and crypto, a cycle feeding into itself. If both methods prove virtually safe for the attacker(s) without serious dedicated investigation and high payout, attackers would be at a disadvantage to not employ these methods. Even with ledgers available for these transactions, visible to the public, the identities behind them are hidden behind anonymous identities. It doesn’t mean that said transactions are not untraceable, but it takes a great deal of resources, time, and effort to correctly link cryptocurrency exchanges to a specific ransomware attack.
A transforming problem
With reliance on technology and network connectivity increasing, there’s no sign of these elements slowing down. Even when larger ransomware gangs are struck down, numerous more exist at the lower tiers which target smaller organizations. And, not every event can be investigated with the same level of tenacity as an infrastructure attack.
In response, it could shape how cryptocurrency is regulated and handled on a global scale. But, with the ability to “mint” digital coins at a rapid pace, how impactful any regulation on the ransomware market is a vague thing indeed. In order to be effective, regulations would need to limit the exchange of BTC (or similar) for a single transfer, and doing so would potentially involve global laws. More so, having additional tools or ways to track and identify transfers could help, but ransomware gangs follow various ways to obfuscate their locations, techniques, and exchanges.
It’s abundantly clear how cryptocurrency has aided the eruption of ransomware, and the two will constantly feed into the other until something is done.
If you’d like info about protecting your SMB from ransomware, contact Bytagig today.
Share this post:
Sorry, the comment form is closed at this time.