Ransomware attacks are on the rise and have recently been front-page news with attacks on the Colonial Pipeline, JBS Food and Kaseya. This ever-evolving malware can encrypt your files and block access to them. Previous ransomware attacks stole or accessed data and held it hostage while demanding a ransom and threatening to leak or sell the data.
However, more recent attacks have changed strategy: they target specific companies and encrypt their data, often causing severe disruption to services and to society in general. In exchange for decryption, and service returning to normal, malicious actors demand a ransom. The adjustment in strategy by cybercriminals is largely due to the booming world of cryptocurrency.
Why cryptocurrency? According to the Wall Street Journal, hackers that request payment in the form of cryptocurrency can be “difficult to pursue across digital wallets and national borders.” In addition, these exchanges often take place overseas, severely limiting governmental regulatory power and law enforcement.
Unlike paper money, cryptocurrency, also known as “crypto,” is a form of digital payment used to purchase goods and services online and is not issued by a central authority. Companies like Bitcoin, Ethereum, and Cardano have issued their own forms of currency, or tokens, that users can buy and trade. You can purchase cryptocurrency using real money.
These companies use blockchain technology, spread across many different computers that manage and record transactions. It’s a highly secure form of technology; however, it’s also anonymous and hard to trace, making it extremely attractive to cybercriminals today.
Using cryptocurrency, cybercriminals can transport vast amounts of money across international boundaries within seconds. The ease and speed of transactions, coupled with the lack of traceability, have made it the go-to solution for ransomware hackers.
With the rise of cryptocurrency in recent years, cybercriminals have shifted from conducting small-scale theft – stealing money from individual bank accounts or credit cards – to extorting huge ransoms from leading corporations and governments (NPR). Many of these cyber thieves live outside of the U.S., in countries like Russia, making it even more difficult to trace them or catch them in the act.
There are several variants of ransomware (WannaCry, CryptoLocker, Bad Rabbit, GoldenEye, Jigsaw, etc.) with the same goal: gain access to a network, encrypt the data and demand a ransom. Bad actors use different methods for gaining access; phishing, stealing employee login information and exploiting vulnerabilities, such as the zero-day vulnerability of Pulse Secure’s VPN appliances, are some of the more common attack methods.
Using phishing as an example, the main steps to a ransomware attack are:
If paid, the cryptocurrency transactions occur on exchanges, which are organized markets where people exchange cryptocurrencies amongst each other or into dollars (or other currencies). The cryptocurrency is deposited into an anonymous private account or “wallet.” These transactions are recorded on “public ledgers” where anyone can watch transactions take place online. However, while anyone can view the transactions taking place, because the wallets are anonymous, they can be challenging to identify and trace. In addition, most cybercriminals have several wallets enabling them to move currency from one account to another while staying under the radar and out of reach of law enforcement.
Being able to see payments on public ledgers, even without knowing the recipient, and seeing cybercriminals succeed in their attacks may lead some companies to conclude that there is no way to deal with an attack other than to pay.
Ransomware attacks demanding cryptocurrency can happen to businesses of all sizes and can cost companies hundreds of thousands, or even millions of dollars in ransom payments. In fact, data breaches cost companies an estimated $4.24 million per incident on average — a 17-year high (Fox Business).
No industry is immune to the attacks with the following paying ransom via cryptocurrency in 2020 and 2021:
While ransomware attacks continue and the amounts demanded increase, there are several defensive moves companies and governments can make to help prevent ransomware attacks in the future.
It’s time to recognize that this is an international issue and that the most effective way to stop ransomware is by developing a global solution. Leaders must work together to readily share information, develop prosecution agreements for cybercriminals and impose sanctions against rogue nations that harbor cyber pirates.
Law enforcement agencies encourage individuals and organizations not to pay fees to cybercriminals. However, many organizations choose to pay anyway to restore their data ASAP and protect their data, people, and reputation. Before paying criminals any money, however, keep in mind that:
On June 7, 2021, the U.S. Department of Justice and FBI announced their recovery of $2.3 million of the Colonial Pipeline’s ransom. Law enforcement tracked multiple Bitcoin transfers to a specific address. Moving forward, investigative techniques such as these, along with advanced knowledge of cryptocurrency and blockchains, may prove valuable for FBI and law enforcement teams to track payments and activities that can help investigators find and stop cybercriminals.
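The tracing described above, and the public-ledger visibility discussed earlier, can be illustrated with an added example (not code from the original article or from any investigation) that follows one payment through a constructed ledger. The addresses, amounts and the account-style "traced funds are spent first" rule are assumptions; real Bitcoin tracing works on transaction inputs and outputs rather than account balances.

```python
from collections import defaultdict

# Constructed ledger, oldest first: (tx_id, sender, receiver, amount in whole units).
# Every address and amount here is made up for illustration.
LEDGER = [
    ("t1", "victim", "ransom_wallet", 75),
    ("t2", "ransom_wallet", "hop_a", 40),
    ("t3", "ransom_wallet", "hop_b", 35),
    ("t4", "unrelated", "hop_a", 10),      # clean funds mixed into a hop wallet
    ("t5", "hop_a", "consolidation", 45),
    ("t6", "hop_b", "consolidation", 20),
    ("t7", "hop_b", "hop_c", 15),
]


def trace_payment(ledger, payment_tx):
    """Follow one payment forward; return (resting balances, hops taken).

    Assumption: an address spends traced funds before any other funds it holds.
    """
    traced = defaultdict(int)  # address -> traced funds currently held
    hops = []
    seeded = False
    for tx_id, sender, receiver, amount in ledger:
        if tx_id == payment_tx:
            traced[receiver] += amount     # start the trace at the payment
            seeded = True
            continue
        if not seeded:
            continue                       # transfers before the payment are irrelevant
        moved = min(amount, traced[sender])
        if moved == 0:
            continue                       # sender holds none of the traced funds
        traced[sender] -= moved
        traced[receiver] += moved
        hops.append((tx_id, sender, receiver, moved))
    if not seeded:
        raise ValueError(f"payment {payment_tx!r} not found in ledger")
    resting = {addr: amt for addr, amt in traced.items() if amt > 0}
    return resting, hops


if __name__ == "__main__":
    resting, hops = trace_payment(LEDGER, "t1")
    for tx_id, sender, receiver, moved in hops:
        print(f"{tx_id}: {sender} -> {receiver} ({moved} traced)")
    print("traced funds now rest at:", resting)
```

Splitting the payment across several wallets does not hide it: the full amount is still accounted for at the addresses where it comes to rest, which is where an investigator would focus.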
As an individual business, you also have steps you can take to defend your company against cybercrimes.
Copyright © 2021 Untangle