The Role of Cryptocurrencies in the Rise of Ransomware

Published at: March 25, 2020

Cryptocurrency and ransomware have had a long history together. They are so closely intertwined, in fact, that many have blamed the rise of cryptocurrency for a parallel rise in ransomware attacks.

Ransomware attacks are certainly increasing — they rose by 118% in 2018 — but it’s not clear that this is due to cryptocurrency. While the vast majority of ransoms are paid in crypto, the transparent nature of these currencies actually means that they are a pretty bad place to hide stolen funds.

In this article, we’ll take a look at the relationship between cryptocurrency and ransomware, as well as what the future holds.

The ransomware crypto economy

There are at least two ways in which cryptocurrency is important for ransomware attacks. The first one is the most obvious — the majority of the ransoms paid during these kinds of attacks are generally in cryptocurrency. This was the case, for instance, in the WannaCry ransomware attacks, still the largest attack of its kind in history. Victims of the attack were instructed to send roughly $300 of Bitcoin (BTC) to their attackers.

There is another way in which crypto and ransomware are intertwined, though. Today, plenty of hackers are offering “ransomware as a service,” essentially letting anyone hire a hacker from online marketplaces. If you are so inclined, you can even buy ransomware off-the-shelf from these marketplaces. Both of these “services” can be paid for in — you’ve guessed it — cryptocurrency.

Cryptocurrency is also implicated in many other forms of cyberattack. Cryptojacking — a form of attack that uses victims’ computers to mine cryptocurrencies — is also on the rise, and new forms of malware such as Adylkuzz can be used by almost anyone with even a slight level of technical knowledge. Though these forms of attack are not technically ransomware, they further suggest the deep relationship between cryptocurrency and cybercrime.

Following the money

At first glance, it seems obvious that ransomware hackers would demand payment in cryptocurrency. Surely these currencies, based on anonymity and encryption, offer the best place to store stolen funds?

Well, not really. There is actually a different reason why ransomware attacks make use of cryptocurrencies. As Coin Center director of research Peter Van Valkenburgh wrote in 2017, it is the efficiency of cryptocurrency networks, rather than their secrecy, that attracts hackers. As he later put it:

“It’s electronic cash, so it’s easy to write software that can automatically demand payment and automatically demand that payment has been made.”

The value of cryptocurrency during a ransomware attack is actually the transparency of cryptocurrency transactions. A hacker can simply watch the public blockchain to see if victims have paid up, and can automate the process of giving a victim their files back once this payment has been received.

This point also suggests a slightly curious aspect of the role of crypto in ransomware attacks: Cryptocurrency is, perhaps, the worst place to store ransom money. The open, transparent nature of Bitcoin blockchain transactions means that the global community is closely watching the ransom money. That makes it extremely difficult to convert these funds into another currency, and means that they can be tracked by law enforcement.

As the director of research at Coin Center, Peter Van Valkenburgh, stated:

“In the U.S., every major bitcoin exchange is regulated by FINCEN. Right now the $50,000 extorted from victims is just sitting on the bitcoin network. ... That [exchange into local currency] is where you’re vulnerable to being identified.”

Regulation and enforcement

The fact that stolen funds can be tracked in this way doesn’t necessarily mean that the hackers who stole them can be brought to justice, of course. The anonymity of cryptocurrency means that it is often impossible for law enforcement agencies to uncover the true identity of ransomware hackers, though of course there are exceptions. 

Chief among these, according to Coin Center, is that the “blockchain allows one to trace all transactions involving a given bitcoin address, all the way back to the first transaction. That gives law enforcement the records it needs to ‘follow the money’ in a way that would never be possible with cash.”
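
The “follow the money” tracing described above, as an added example that is not part of the original article: a forward trace over a small constructed ledger that stops where funds reach an address labelled as an exchange. The ledger, the address names and the `KNOWN_SERVICES` labels are all assumptions, and the address-level model simplifies Bitcoin's real per-output bookkeeping.

```python
from collections import deque

# Constructed sample ledger (not real chain data): each transaction spends
# from input addresses and pays output addresses, amounts in BTC.
LEDGER = [
    {"txid": "tx1", "inputs": ["victim_a"], "outputs": {"ransom_addr": 0.17}},
    {"txid": "tx2", "inputs": ["victim_b"], "outputs": {"ransom_addr": 0.17}},
    {"txid": "tx3", "inputs": ["ransom_addr"],
     "outputs": {"hop_1": 0.20, "hop_2": 0.14}},
    {"txid": "tx4", "inputs": ["hop_1"], "outputs": {"hop_3": 0.20}},
    {"txid": "tx5", "inputs": ["hop_3", "unrelated"],
     "outputs": {"exchange_deposit": 0.50}},
    {"txid": "tx6", "inputs": ["bystander"], "outputs": {"shop": 0.05}},
]
# Hypothetical attribution labels an investigator might hold for known services.
KNOWN_SERVICES = {"exchange_deposit": "regulated exchange"}


def trace_forward(ledger, start, services):
    """Follow funds leaving `start`. Returns (paths, hits): the txid path to
    every reachable address, and the subset that are labelled services."""
    spends = {}  # address -> transactions that spend from it
    for tx in ledger:
        for addr in tx["inputs"]:
            spends.setdefault(addr, []).append(tx)
    paths = {start: []}
    queue = deque([start])
    while queue:
        addr = queue.popleft()
        if addr in services:
            continue  # stop here: a service's wallets pool many customers
        for tx in spends.get(addr, []):
            for out in tx["outputs"]:
                if out not in paths:  # visited check also guards cycles
                    paths[out] = paths[addr] + [tx["txid"]]
                    queue.append(out)
    hits = {a: p for a, p in paths.items() if a in services}
    return paths, hits


def received_total(ledger, addr):
    """Sum of all payments to `addr`, visible to anyone reading the chain."""
    return round(sum(tx["outputs"].get(addr, 0) for tx in ledger), 8)
```

The trace ends at the exchange deposit because that is where the on-chain record stops being informative and the exchange's own customer records take over.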

Because of that, and also in response to a number of recent high-profile ransomware attacks, some have called for cryptocurrency to be regulated more closely. Regulation will need to be implemented carefully, however, because one of the major attractions of cryptocurrency — for ordinary citizens and hackers alike — is the fact that it is anonymous.

This means that attempts to regulate the space may make catching criminals even more difficult. As pointed out by Will Ellis, head of research at community advocacy group Privacy Australia, cryptocurrency bans led to a rise in VPN use, as investors sought to circumvent Know Your Customer and Anti-Money Laundering requirements in their home countries.

In addition, most governments simply don’t have the understanding or the resources to regulate the crypto space effectively. Some are so far behind that they aren’t even certain how to define what cryptocurrencies are. In this context, it is difficult to see how the close link between ransomware and cryptocurrency can ever be broken.

The bottom line

The lack of governmental oversight of cryptocurrency, combined with the rapid rise in ransomware attacks, means that individuals need to protect themselves.

Some companies and individuals have taken unusual approaches. Companies have stockpiled Bitcoin not as an investment, but rather in case they need to pay a ransom as part of a future attack. Some enterprising individuals have even taken matters into their own hands, such as the German programmer who “hacked back” following a cyberattack using his own systems.

For most of us, though, protecting against ransomware attacks means doing the basics correctly. You should ensure that all of your systems are up to date, subscribe to a secure cloud storage provider and back up frequently. Companies of all sizes should partner with a managed security services provider to monitor enterprise networks, perform risk assessments and make recommendations specific to their data environment.

Ultimately, the relationship between cryptocurrency and ransomware is unlikely to be broken anytime soon. And while cryptocurrencies are certainly involved in the majority of ransomware attacks, we should not make the mistake of blaming crime on the currency it is conducted in.

The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Sam Bocetta is a freelance journalist specializing in U.S. diplomacy and national security, with an emphasis on technology trends in cyber warfare, cyber defense and cryptography. Previously, Sam was a defense contractor for the United States Department of Defense, working in partnership with architects and developers to mitigate controls for vulnerabilities identified across applications.
