In 2021, ransomware attackers have made roughly $32.7 million in cryptocurrency according to data from Ransomwhere; one ransomware attack in particular–REvil–accounts for roughly 33% of the total amount of money raked in via ransomware attacks this year.
Recently, many government organizations around the world have released statements warning their citizens and residents that cybercrime–including cybercrime involving digital currencies–is on the rise.
“While the data on Ransomwhere is not fully complete, the current data and other public reports (e.g. https://blog.chainalysis.com/reports/ransomware-ecosystem-crypto-crime-2021…) do indicate that ransomware attacks and payments are on the rise. We’re seeing that cybercriminals are getting more adept at exploiting systems and monetizing them, which is in part enabled by cryptocurrencies,” said Jack Cable, the founder of Ransomwhere.
Cable is looking to mitigate cybercrime involving digital assets by providing comprehensive data around ransomware attacks that demand digital currency. Cable hopes that the data Ransomwhere generates will help individuals and enterprises understand the full impact ransomware attacks have and whether or not taking certain actions and preventive measures has an effect on impeding these attacks.
“I was inspired to launch Ransomwhere after seeing that no one really knows the full impact of ransomware, and cybercrime in general. Without knowing the full details of ransomware economics, it’s hard to tell if actions have an effect on criminal behavior. Knowing that Bitcoin is entirely public, I started building Ransomwhere as a method to crowdsource information on ransomware payments,” said Cable.
Contrary to popular belief, Bitcoin is not the private network that many criminals and illicit actors believe it to be. Bitcoin is public, transparent, and immutable. This means that any actions that take place on the Bitcoin blockchain are stored on-chain for everyone to see. The only thing pseudo-anonymous about Bitcoin is its wallet addresses. It is not always clear who owns or operates an address, therefore, it can be difficult to identify the individual behind an address tied up in illicit activity.
Cybercrime continues to evolve
Cybercrime involving digital currencies has been on the rise–especially during coronavirus lockdowns. While most of the world’s population spent an increased amount of time on the internet due to the pandemic and the lack of establishments that remained open, criminals turned to cybercrime because there was a larger pool of people they could target. However, cybercrime is continually evolving.
“We’re seeing financially motivated cyber criminals start to adopt the tactics of more advanced nation-state adversaries, such as strategically attacking companies that have software widely deployed and utilizing previously unknown zero-day vulnerabilities. This is scary because ransomware hackers don’t play by the unwritten rules here: for instance, they have been known to attack and shut down hospitals, schools, and other critical infrastructure,” said Cable.
“Specific to cryptocurrency, we need to be thinking about how to properly mitigate risks as we develop new cryptocurrencies. For instance, while Monero is impressive mathematically and has many legitimate use-cases, it can also enable cybercrime as we see with ransomware. How can we use this to inform the design of cryptocurrencies and the ecosystem? This is not to say that it shouldn’t exist, but rather everyone working in this space has to be thinking actively about how they can mitigate abuse of the currency.”
Although digital assets can improve the world around us, some individuals look to capitalize on the pseudo-anonymous or fully anonymous nature of some cryptocurrencies to facilitate crime. Instead of ruling out digital currencies altogether, we can use the data generated by platforms like Ransomwhere to refine our approaches in a way that diminishes the risk and security threats that individuals and enterprises may be faced with.
When I asked Cable if he had any advice for businesses and individuals regarding how they can protect themselves against cyber-security attacks that involve digital currency, he said,
“Ransomware demonstrates that every company’s CEO needs to be thinking about cybersecurity as a direct business risk to them. CISA has some great resources on what companies can do – https://cisa.gov/ransomware. Some of the most important actions include making frequent, offline backups, using multi-factor authentication, and frequently patching systems.”
New to blockchain? Check out CoinGeek’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.