Bitcoin Accounts for 98% of Crypto-Denominated Ransomware Payments, Study

Published at: April 19, 2019

Bitcoin (BTC) continues to account for the lion’s share of crypto-denominated ransomware payments, according to Coveware’s Q1 2019 Global Ransomware Marketplace report, published on April 15.

The report — reportedly based upon aggregated ransomware data from cases tackled by Coveware’s Incident Response Team — indicates that in Q1 2019 the ransomware landscape saw a sharp increase in the average ransom demanded by threat actors.

The average sum — demanded in exchange for the ostensible delivery of a decryptor tool that can help victims recover data after a ransomware attack — rose 89% from a median $6,733 in Q4 2018 to $12,762 in Q1 2019, the report states.

Of the ransoms that were paid in cryptocurrency, 98% were payable in bitcoin. The report outlines that in Q1 2019:

“[H]andling cryptocurrency continued to be a major source of friction for victims, and thus the threat actors as well. It is unlikely that ransomware rotates towards a different cryptocurrency anytime soon as they are even more nuanced to procure and handle.”

Coveware notes that threat actors have scant need to migrate away from bitcoin to other coins as they reportedly face little difficulty using mixing services to exchange bitcoin for privacy-focused cryptos such as dash (DASH) or monero (XMR).

Privacy coins are thus used for only 2% of ransomware payments, according to Coveware’s data, and are largely used later in the process, once the payment has been received and threat actors subsequently attempt to obfuscate the transfer of their ill-gotten funds.

GandCrab — a strain of ransomware that accounts for 20% of the market, according to Coveware’s data — was the only prevalent strain where threat actors accept payment in either dash or bitcoin.

Moreover, the report notes, GandCrab victims who pay with bitcoin face a 10% additional fee due to the costs incurred by the threat actors’ use of mixing services to anonymize the cryptocurrency after payment.

As reported earlier this week, digital payments giant PayPal recently won a cybersecurity patent to protect users from crypto ransomware.

In March, Big Four auditor PwC linked Iranian nationals behind the bitcoin ransomware scheme SamSam — which reportedly damaged multiple American companies, government agencies, universities, and hospitals — to the crypto exchange WEX.
