Skip to main content

Crypto-crime may have declined overall in the first six months of 2023, but the volume of payments to ransomware attackers made in cryptocurrencies has surged. According to data from blockchain analytics firm Chainalysis, the volume of cryptocurrency ransomware payments was on track for its second-biggest annual total on record.

There is no single reason behind why cryptocurrency plays such a crucial role in the rise of ransomware attacks, but we have narrowed it down to six key factors.

Kevin Groves
Kevin Groves

Sales Director | Cyber Risk

  1. The first and most obvious is that cryptocurrencies offer a degree of anonymity and pseudonymity. This ‘privacy feature’ makes it difficult to trace transactions back to specific individuals or entities, a clear advantage for anyone looking to evade law enforcement.
  2. The lack of central control also makes it challenging for authorities to regulate or control transactions, as cryptocurrencies operate on decentralised networks. The absence of a central authority or intermediary makes it difficult to freeze or seize funds associated with ransomware payments.
  3. Global accessibility is a key feature of cryptocurrencies, but that they are designed to be sent and received across borders without the need for intermediaries or regulatory oversight is exploited by threat actors. Ransomware attackers can easily receive payments from victims located anywhere in the world, funding their illicit activities. (As an aside, this will also make it very difficult to enforce all the financial sanctions placed on Dmitry Khoroshev.)
  4. Transactions on blockchain networks are recorded on a public, immutable ledger that cannot be altered or reversed. This “no chargebacks” system means that, once ransom payments are made in cryptocurrencies, they cannot be reversed or refunded – giving threat actors a sense of security and incentivising victims to comply with demands.
  5. If variety is the spice of life, things in the world of cryptocurrencies are heading off the Scoville scale. The proliferation of cryptocurrencies provides ransomware gangs with a huge range of options for receiving payments while maintaining their anonymity. Privacy-focused cryptocurrencies offer enhanced privacy features, making it even more challenging to trace transactions and identify perpetrators.
  6. And, finally, there is ‘ransomware-as-a-service (RaaS)’. Ransomware threat actors often leverage RaaS platforms, where affiliates distribute ransomware in exchange for a share of the ransom payments (a so-called ‘monetisation model’). RaaS platforms may provide built-in mechanisms for handling cryptocurrency payments (facilitated payments), streamlining the process for both attackers and victims.

Cryptocurrencies are therefore likely to remain a preferred method of payment for digital extortion. Efforts to combat ransomware often involve a balance between addressing the underlying vulnerabilities exploited by attackers, and addressing the challenges posed by cryptocurrency-based payments.

Cyber Risk

Cyber Risk

We bring the best of our collective experience, energy and creative power to fiercely safeguard our clients and fortify their communities.

Learn more