Crypto-crime may have declined overall in the first six months of 2023, but the volume of payments to ransomware attackers made in cryptocurrencies has surged. According to data from blockchain analytics firm Chainalysis, the volume of cryptocurrency ransomware payments was on track for its second-biggest annual total on record.
There is no single reason why cryptocurrency plays such a crucial role in the rise of ransomware attacks, but we have narrowed it down to six key factors.
- The first and most obvious is that cryptocurrencies offer a degree of anonymity and pseudonymity. This ‘privacy feature’ makes it difficult to trace transactions back to specific individuals or entities, a clear advantage for anyone looking to evade law enforcement.
- The lack of central control also makes it challenging for authorities to regulate or control transactions, as cryptocurrencies operate on decentralised networks. The absence of a central authority or intermediary makes it difficult to freeze or seize funds associated with ransomware payments.
- Global accessibility is a key feature of cryptocurrencies: they are designed to be sent and received across borders without the need for intermediaries or regulatory oversight, and threat actors exploit this. Ransomware attackers can easily receive payments from victims located anywhere in the world, funding their illicit activities. (As an aside, this will also make it very difficult to enforce all the financial sanctions placed on Dmitry Khoroshev.)
- Transactions on blockchain networks are recorded on a public, immutable ledger that cannot be altered or reversed. This “no chargebacks” system means that, once ransom payments are made in cryptocurrencies, they cannot be reversed or refunded – giving threat actors a sense of security and incentivising victims to comply with demands.
- If variety is the spice of life, things in the world of cryptocurrencies are heading off the Scoville scale. The proliferation of cryptocurrencies provides ransomware gangs with a huge range of options for receiving payments while maintaining their anonymity. Privacy-focused cryptocurrencies offer enhanced privacy features, making it even more challenging to trace transactions and identify perpetrators.
- And, finally, there is ‘ransomware-as-a-service (RaaS)’. Ransomware threat actors often leverage RaaS platforms, where affiliates distribute ransomware in exchange for a share of the ransom payments (a so-called ‘monetisation model’). RaaS platforms may provide built-in mechanisms for handling cryptocurrency payments (facilitated payments), streamlining the process for both attackers and victims.
Cryptocurrencies are therefore likely to remain a preferred method of payment for digital extortion. Efforts to combat ransomware often involve a balance between addressing the underlying vulnerabilities exploited by attackers, and addressing the challenges posed by cryptocurrency-based payments.