Cryptocurrency was once positioned as a future alternative to traditional fiat money — a decentralized, digital currency that marked the next big step in the digitalization of the world.
But today, the single biggest practical use for cryptocurrency is as a money laundering vehicle for cybercriminals. This fact has helped fuel a ransomware boom that has struck two-thirds of organizations around the world — and made it all the more important for organizations to know how to best protect themselves in the face of what has become a global crisis.
Crypto changed the game for ransoms and cyber-fraud
Not that long ago, criminals negotiated ransoms through entirely physical, even face-to-face encounters: from dropping off duffel bags of cash in a public place to in-person exchanges of ransom for victims. It's almost hard to imagine today's criminals being willing to undergo such elaborate and exposing ransom exchanges — activity that was so pernicious in parts of the world that it even sparked legislation banning ransom payments outright to disincentivize criminals.
The reason it's hard to imagine today's cybercriminals going to those lengths is that they simply don't have to. Your average ransomware group doesn't need to plan a drop-off point for a ransom or navigate the logistics of picking up and transporting a large amount of cash.
Cryptocurrency offers a much faster and easier avenue. Victims are told to pay the ransom in, say, Bitcoin. The payment happens anonymously, obscuring who exactly it's going to. At this point, the criminals will typically move the currency through Bitcoin tumblers to "launder" or "wash" the stolen funds.
They may transfer the money to more privacy-enhancing currencies like Monero and eventually back to something more liquid. In the end, we often don't know where it ends up, as the laundering of cryptocurrencies is often impossible to unravel.
More lucrative, less chance for detection
The way crypto has upended cybercrime payments has changed the nature of cybercriminals' fraudulent schemes, too. Credit card fraud, e-gold Ponzi schemes, GreenDot Moneypak schemes and gift card fraud from some of the biggest retailers cumulatively earn cybercriminals hundreds of millions of dollars.
But individually, these schemes often fail to net more than a few hundred dollars each. They're also incredibly complex to pull off and are fraught with risk of detection or outright cancellation by the bank — or the retailer being ripped off.
All of these schemes have been phased out by ransomware because of cryptocurrency. The proliferation of Bitcoin and Bitcoin ATMs made it easier to acquire, mine and trade digital coins, all but giving the green light for the modern ransomware attack.
Suddenly it became incredibly simple to extort victims for thousands or millions of dollars per attack. The addition of anonymous online payments also removed the threat of attackers being exposed in physical exchanges, and helped eliminate the ability to identify attackers and hold them accountable.
Cryptocurrency and the state of ransomware in 2022
What we have today is a global ransomware boom fueled by cryptocurrency. Our new research shows just how stark the ransomware landscape has become:
Ultimately, ransomware attacks are hurting more organizations and the ransoms are getting bigger. And bad actors can get away with it because cryptocurrencies have made anonymous ransom payments to attackers easier and faster than ever. When nearly half of victims are willing to pay and collecting the payment is so easy, what incentive does a ransomware attacker have to stop?
Anti-money laundering regulations and "know your customer" rules can theoretically help make cryptocurrencies less viable as a dumping ground for ransomware gains. But despite both U.S. government action and international cooperation, cryptocurrency will continue to reward and accelerate ransomware activity.
This is largely thanks to a combination of foreign governments turning a blind eye to cybercriminals within their borders, cryptocurrency exchanges with lax identity enforcement and verification schemes that continue to operate in countries ostensibly allied with ours, and the sheer ease of laundering stolen digital coins into fiat currencies for ransomware groups.
The best offense against ransomware is a multi-layered defense
As always, the best tools we have against a growing global ransomware crisis are the ones that help organizations prepare for an attack — and position them for a quick and relatively painless recovery.
Finally, just don't pay the ransom. For organizations like hospitals or utility providers, the threat of machines being encrypted and forcing an operational shutdown may be a matter of literal life and death. It's tempting to bite the bullet and pay the ransom as the path of least resistance. But paying ransoms only puts more money into the crypto-ransomware economy and incentivizes ransomware groups to keep attacking.
Additionally, you have no guarantee that the attackers will actually decrypt your data. While most victims who pay get some of their data back, it's rarely enough to prevent the need for a full restore from backup. Worse, it marks you as a target to future ransomware groups.
Ransomware attacks will only grow more intense in the near future, in part because cryptocurrencies have made it easy for attackers. Any organization can get caught in the crosshairs. No matter the industry, the best organizational offense is a proactive defense.
Chester Wisniewski is field CTO of applied research at Sophos.