Crypto-crime may have declined overall in the first six months of 2023, but the volume of payments to ransomware attackers made in cryptocurrencies has surged. According to data from blockchain analytics firm Chainalysis, the volume of cryptocurrency ransomware payments was on track for its second-biggest annual total on record.
There is no single reason behind why cryptocurrency plays such a crucial role in the rise of ransomware attacks, but we have narrowed it down to six key factors.
- The first and most obvious is that cryptocurrencies offer a degree of anonymity and pseudonymity. This ‘privacy feature’ makes it difficult to trace transactions back to specific individuals or entities, a clear advantage for anyone looking to evade law enforcement.
- The lack of central control also makes it challenging for authorities to regulate or control transactions, as cryptocurrencies operate on decentralised networks. The absence of a central authority or intermediary makes it difficult to freeze or seize funds associated with ransomware payments.
- Global accessibility is a key feature of cryptocurrencies, but that they are designed to be sent and received across borders without the need for intermediaries or regulatory oversight is exploited by threat actors. Ransomware attackers can easily receive payments from victims located anywhere in the world, funding their illicit activities. (As an aside, this will also make it very difficult to enforce all the financial sanctions placed on Dmitry Khoroshev.)
- Transactions on blockchain networks are recorded on a public, immutable ledger that cannot be altered or reversed. This “no chargebacks” system means that, once ransom payments are made in cryptocurrencies, they cannot be reversed or refunded – giving threat actors a sense of security and incentivising victims to comply with demands.
- If variety is the spice of life, things in the world of cryptocurrencies are heading off the Scoville scale. The proliferation of cryptocurrencies provides ransomware gangs with a huge range of options for receiving payments while maintaining their anonymity. Privacy-focused cryptocurrencies offer enhanced privacy features, making it even more challenging to trace transactions and identify perpetrators.
- And, finally, there is ‘ransomware-as-a-service (RaaS)’. Ransomware threat actors often leverage RaaS platforms, where affiliates distribute ransomware in exchange for a share of the ransom payments (a so-called ‘monetisation model’). RaaS platforms may provide built-in mechanisms for handling cryptocurrency payments (facilitated payments), streamlining the process for both attackers and victims.
Cryptocurrencies are therefore likely to remain a preferred method of payment for digital extortion. Efforts to combat ransomware often involve a balance between addressing the underlying vulnerabilities exploited by attackers, and addressing the challenges posed by cryptocurrency-based payments.
Cyber Risk
We bring the best of our collective experience, energy and creative power to fiercely safeguard our clients and fortify their communities.
Insights
Thomas Murray Partners with Socura to offer Managed Detection and Response to clients that need support to stop cyber threats 24/7.
The collaboration will see Thomas Murray offer Socura MDR to help its clients proactively identify and respond to threats.
Thomas Murray and Crimson7 Announce Strategic Partnership to Modernise Threat Informed Security
Thomas Murray and Crimson7 are partnering to combine their expertise and create innovative solutions for tackling key cyber security challenges.
Thomas Murray and askblue partner to support financial institutions in meeting the Digital Operational Resilience Act (DORA) requirements
Thomas Murray and askblue are collaborating to provide services that help financial institutions comply with DORA requirements.
Threat Intelligence for Law Firms: Protecting clients in the digital age
As a law firm, protecting your clients' data and reputation is more critical than ever in today’s digital-first world.