What Role Do Cryptocurrencies Play In The Era Of Ransomware Attacks?
Cryptocurrency seems to be playing a major role in the rise of ransomware attacks. Research shows that there have been obvious connections between the increasing rate of ransomware attacks and the crypto boom. Ransomware attacks and crypto have had a long history with each other.
These fields are closely linked with studies showing that ransomware attacks have increased across the globe and crypto adoption has increased rapidly. Hackers and other cyber criminals ask for crypto ransoms which have made many critics shun cryptocurrency terming it as the chosen tool of a trade by the attackers. However, there is no conclusive evidence showing a direct correlation between cryptocurrency and ransomware.
Although most of the ransoms are paid in cryptocurrency, the extensive transparency of the underlying blockchain technology makes it an unwise place to keep any stolen money since it can be tracked down.
The Connection Between Ransomware Attacks And Cryptocurrency
There are two major ways that ransomware attacks rely on the crypto market. First, most of the ransoms paid in these attacks are normally in crypto. A great example is what happened in the biggest ransomware attack in history, the WannaCry ransomware attacks.
The attackers demanded that their victims should pay almost 300 BTC to release their captive data. Another method that cryptos and these attacks are linked is through the infamous “ransomware as a service”. Most of the criminals offer this service letting anyone hire a hacker through the online marketplaces. In return, they demand payment through cryptocurrency.
From an outsider’s eye, it is quite understandable why hackers need their ransom payments in crypto. The underlying blockchain technology is based on encryption and privacy, which provides the best alternative to hide stolen money.
But, there is another reason why ransomware attacks use cryptos. The efficiency associated with the crypto and blockchain networks, rather than concealment, is what attracts most cybercriminals.
The value of crypto involved in a cyberattack is the transparency of cryptocurrency exchanges. A hacker can track and review the public blockchain to see whether their victims have paid their ransom and can then automate the procedures required to return the stolen data to the victim.
On the flip side, the crypto market is probably the worst space to store the stolen funds. The transparent nature of the blockchain means that the whole world can monitor all the transactions involving ransom money. That makes it quite challenging to switch the stolen funds into an alternative currency, where they can then be tracked by the authorities.
Law And Order In The Crypto Space
Even though the ransom paid for stolen data can be tracked as it moves on the blockchain, it does not mean that the criminals can be caught easily. Due to the anonymity that dominates the crypto space, it is almost impossible for law enforcement agencies to determine the true identity of the criminals. But, there are always exceptions to that rule.
Blockchain enables a transaction to get traced linking to a given bitcoin address, and it can be followed back to the original transaction. This enables the authorities to access the financial records needed to track the ransomware attacks’ payments, in a manner that is not possible when handling cash transactions.
Due to the many recent and prominent ransomware attacks, the regulators and authorities want the crypto market to get watched more keenly. Supervision will have to be executed carefully to ensure that investors are not deterred from the attractiveness of the anonymity associated with cryptocurrency.
The limited legislative control of the crypto space, together with the rapid increase in ransomware attacks, shows that investors must take it upon themselves to protect all their data. Some institutions have taken extra measures like hoarding bitcoin in the incident that they require to pay a ransom as a part of future attacks.
For the common investors and users, protecting against ransomware attacks means covering all bases. Experts advise that users need to ensure that their cybersecurity software is up to date and subscribe to secure cloud storage providers and backup their data often.
Firms of all sizes need to implement the 3-2-1 data backup method in case of an attack. This backup plan says that one needs to have three different copies of data, stored on two different types of media and one copy should be offsite. This method helps in averting incidents of complete data losses.
It is also advisable to store another copy of one’s data using the air-gap method. This strategy prevents data from ever being stolen.
Ransomware Task Force Targets Cryptos
In the United States, a Ransomware Task Force that was set up by the Institute for Security and Technology (IST) published a new report that had recommendations on how to combat the ransomware menace. It proposed significant actions to fight the continuously evolving threat. This task force published an 81-page report that offered 5 key recommendations to governments to enable them to prevent and respond to ransomware attacks.
This task force was launched as a public-private partnership created by IST featuring infosec professionals from different vendors including Palo Alto Networks, Microsoft, and Rapid7. The group is not the same as the one recently announced Department of Justice task force but the two groups are working together.
A major part of the recommended action in this report involves disrupting the illegal economy surrounding ransomware that is normally financed using cryptos. Criminals mostly demand ransom payments in various forms of crypto, mainly bitcoin and Monero since it is difficult to track.
The report highlighted the importance of disrupting that business model through implementing strict regulations and developing more expertise around crypto tracking. More than 60 experts from the cryptocurrency sector, law enforcement, government, international organizations, and civil society contributed to these recommendations highlighted in the report.
During a recent press conference to discuss this report, Department of Homeland Security Secretary Alejandro Mayorkas said:
“Ransomware is a threat to national security and something that we all need to prioritize and invest in — from big healthcare facilities to small businesses.”
This is not the first time that the Secretary referred to ransomware attacks as a national threat. His comment also insisted on the importance of raising the priority of ransomware within the United States intelligence community to the national security threat level. These attacks have already threatened critical infrastructure and also pose risks to the safety and health of the general public.
The report mentioned:
“These incidents not only cost the victims millions of dollars in recovery, but they have also led to delays in patient treatment, and possibly loss of life.”
The ransomware menace has grown worse and in 2020, almost 2,400 schools, healthcare facilities, and US-based government agencies fell victim to ransomware attacks. The effects of the pandemic contributed to the increase and criminals targeted the vulnerable sectors that may not afford the downtime associated with encrypted machines that happen during ransomware attacks.
Between ransom demands and downtime, the attacks are increasing in cost. In 2020, victims paid $350 million, which is a 311% increase compared to 2019. All these profits were paid in cryptocurrency. The report stated:
“Multiple organizations have issued reports on the costs of ransomware, and while their exact figures vary, all consistently show a steady increase in the number of attacks — and damaging economic impact.”
Disrupting The Ransomware Payments
The rapid increase of ransomware attacks ‘as a lucrative criminal enterprise’ is somehow connected to the surge in crypto market prices. In that context, the task force and other regulators are focusing on ways that can be used to stop their ability to hide the stolen funds. However, criminals have been using this strategy to evade law enforcement for years, and have only improved to gain more anonymity.
This report recommends that governments need to regulate crypto organizations to start fighting these consequential attacks. The report added:
“Governments should require cryptocurrency exchanges, crypto kiosks, and over-the-counter (OTC) trading ‘desks’ to comply with existing laws, including Know Your Customer (KYC), Anti-Money Laundering (AML), and Combatting Financing of Terrorism (CFT) laws.”
More regulation on exchanges and other crypto services may improve the transparency required to gain access to cybercriminals’ financial activity. Such a move would help forensic investigators and law enforcement agencies track ransom payments to the criminals.
Additionally, the IST report recommended setting up Cyber Response and Recovery Fund:
“To support ransomware response and other cybersecurity activities; mandate that organizations report ransom payments and require organizations to consider alternatives before making payments.”
Furthermore, the task force recommended implementing mandatory disclosures of ransom payments and incentivize information sharing between law enforcement and crypto services. Ransom payments are rising, with the average payment in 2020 exceeding $300,000, a 171% surge compared to 2019. Coveware, a vendor that contributed to the report, said that the number was growing in the first quarter of 2021.
Some infosec experts have said that giving in to ransom demands will result in more ransomware attacks. Nonetheless, the Coveware report indicated that the payments might also be contributing to advanced attacks.
Since the ransomware attacks are a global menace, the IST task force said that private organizations and governments worldwide need to join hands and implement the recommendations of their report. In general, collaboration is a critical theme in the report. For now, attackers seem to be thriving due to a lack of reliable and representative data about ransomware’s scale and scope.
The report concluded:
“Further information about ongoing ransomware threats does not yet reach as much of the digital ecosystem as it should — to include both across sectors of private industry or within responsible government departments and agencies.”