Don’t blame crypto for ransomware

Published at: May 30, 2021

Recently, gas has been a hot topic in the news. In the crypto media, it’s been about Ethereum miner’s fees. In the mainstream media, it’s been about good old-fashioned gasoline, including a short-term lack thereof along the East Coast, thanks to an alleged DarkSide ransomware attack on the Colonial Pipeline system, which provides 45% of the East Coast’s supply of diesel, gasoline and jet fuel.

In cases of ransomware, we generally see a typical cycle repeat: Initially, the focus is on the attack, the root cause, the fallout and steps organizations can take to avoid attacks in the future. Then, the focus often begins to turn toward cryptocurrency and how its perceived anonymity helps to increase ransomware attacks, inspiring more cybercriminals to get into the game.

However, taking a look at the macro picture of cybersecurity attacks, we see some trends that have been emerging. For example, losses from cyberattacks grew 50% between 2018–2020, with the global losses adding up to over $1 trillion. It’s an unavoidable conclusion that speaks to the pervasiveness of security vulnerabilities available to exploit.

Related: Report on crypto exchange hacks 2011–2020

The rise in cybercrimes is also spurred on by the availability of ready-made, off-the-shelf malware easily found on the dark web for those with little skill, but who still want to profit off of the free-money opportunities unsecured organizations present. Importantly, criminals themselves have continued to evolve their strategies to evade defensive security tactics, techniques and procedures (TTPs) to ensure they can continue to be profitable. Should cryptocurrency no longer be a viable option for payment, attackers would almost certainly pivot to a different payment approach. The thought that they would simply stop attacking these organizations without crypto defies credulity.

The “root cause,” if you will, of these events is not the payment method used to reward the criminals, it is the security gaps that enabled them to breach the enterprise and, obviously, the fact that there are criminals out there committing these crimes.

With ransomware trending itself (and within the DarkSide attack), we see this ever-shifting modus operandi demonstrated. In the early days of ransomware, it was relatively cut and dry: A cyberattacker finds a way into the enterprise — most often via a social engineering attack, such as a phishing email or unsecured remote desktop protocol — and encrypts the victim’s files. The victim either pays the ransom via a wire transfer or crypto, and in most cases, gets the decryption key, which usually (but not always) decrypts the files. Another alternative is that the victim chooses not to pay and either restores their files from a backup or just accepts the loss of their data.

Cyber attack’s tactics

Around late 2019, more enterprises were prepared with backup strategies to meet these threats and declined to pay. Ransomware actors, such as the Maze ransomware group, emerged, evolved and shifted tactics. They began to exfiltrate data and extort their victims: “Pay, or we will also publically publish sensitive data we stole from you.” This greatly escalated the costs of a ransomware attack, effectively turning it from a company issue to a notification event, requiring data discovery, even more legal counsel and public scrutiny, while demonstrating the attacker’s determination to find ways around impediments to payment. (DarkSide, which is believed to have been the group behind the Colonial Pipeline attack, is an extortionate group.) Another trend, as cited in the report above, is the increased targeting of victims, finding those who are able to pay higher dollar amounts, as well as those with data they would not like to see shared publicly.

Cyberattackers will keep evolving their tactics as long as there is someone or some organization to attack; they have been doing so since the beginning of hacking. Before crypto and even cybercrime, we had dropping cash in a bag at night and wire transfers as options for anonymous payments to criminals. They will keep finding ways to be paid, and the benefits of crypto — financial freedom, censorship resistance, privacy and security for the individual — far outweigh the downside of its attractiveness to criminals who may find its convenience appealing. Vilifying crypto will not eliminate the crime.

It may be difficult, even (likely) impossible, to plug every security gap in the enterprise. But too often, security fundamentals are skipped, such as regular patching and security awareness training, which go a long way to reduce the risk of ransomware. Let’s keep our eye on the target — the enterprise — and not the prize — crypto. Or, we may be blaming fiat for all other financial crimes next.

This article does not contain investment advice or recommendations. Every investment and trading move involves risk, and readers should conduct their own research when making a decision.

The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Michael Perklin is the chief information security officer at ShapeShift, where he oversees all product, service and enterprise security practices while ensuring they adhere to or exceed industry best practices. With over a decade of experience in blockchain and crypto, he leads a team that ensures security best practices are employed using both cybersecurity and blockchain-specific methodologies. Perklin is the president of the CryptoCurrency Certification Consortium (C4), has served on multiple industry boards, and is a co-author of the CryptoCurrency Security Standard (CCSS), which is used by hundreds of global organizations.
Tags
Related Posts
Digital intelligence must overcome challenges to solving crypto crimes
While the value of cryptocurrencies has varied wildly in the last year, this has not diminished crypto’s attractiveness to criminals. Many of them are moving their illegal activities underground and outside the view of law enforcement. Because of the public nature of most blockchains, however, this rapid movement shouldn’t be a major concern to law enforcement agencies. With the right tools and training, following the proceeds of crypto-enabled crime is actually not as difficult as it may seem. However, intelligence agencies must have a cryptocurrency investigation plan that includes the right tools to lawfully collect digital evidence and the properly …
Technology / Aug. 20, 2021
Bitcoin Ransomware and Remote Working: What the Future Holds
The new work-from-home culture is gaining more traction than ever before as businesses, government departments and schools try to remain afloat while flattening the pandemic curve. This migration to remote working is a double-edged sword that creates a fertile land for cybercriminals to thrive on. There is no way that cyberattacks can be eliminated completely. The best that companies can do is minimize the frequency of the threats. What is ransomware? Cybercriminals use malicious software code to block people or organizations from accessing their computer systems until a ransom has been paid. Cryptocurrencies such as Bitcoin (BTC) have made it …
Technology / Aug. 21, 2020
Expert Warns: Don’t Trust Ransomware Groups Amid Pandemic
A cybersecurity expert explained why he is convinced that the promises made by ransomware groups amid the pandemic are irrelevant. Brett Callow — threat analyst at cybersecurity firm Emsisoft — told Cointelegraph that multiple ransomware groups recently made promises to halt their activity against medical organizations amid the coronavirus pandemic. Still, he believes that those promises are irrelevant: “The claims of a ceasefire made by ransomware groups are irrelevant [and] should be completely disregarded. Would you leave your front door unlocked simply because the local burglars had pinky-promised not to rob you? Probably not. The story of the frog and …
Blockchain / April 16, 2020
Hackers Stole and Encrypted Data of 5 U.S. Law Firms, Demand 2 Crypto Ransoms
Hackers compromised five United States law firms and demanded two 100 Bitcoin (BTC) (over $933,000 at press time) ransoms from each firm: one to restore access to the data, one to delete their copy instead of selling it. According to data shared with Cointelegraph by cybersecurity firm Emsisoft, the hacker group — called Maze — already started publishing part of the data stolen from the aforementioned firms. Two of the five law firms were hacked within the 24 hours leading to Feb. 1. The hackers published the data on two websites that were shared with the author of this article, …
Bitcoin / Feb. 3, 2020
Developers could have prevented crypto's 2022 hacks if they took basic security measures
Users losing funds due to malicious activity is hardly unknown on Ethereum. In fact, it is the very reason researchers recently developed a proposal to introduce a type of token that is reversible in the event of a hack or other unsavory behaviors. Specifically, the suggestion would see the creation of an ERC-20R and ERC-721R, which would be modified versions of the standards that govern both regular Ethereum tokens and nonfungible tokens (NFTs). The premise goes like this: this new standard would allow users to make a “freeze request” on recent transactions that would lock those funds until a “decentralized …
Technology / Nov. 13, 2022