
Ransomware and Bitcoin: How Cryptocurrencies Play in the Cybercrime Game


The explosive growth of the cryptocurrency market in recent years is nothing short of spectacular. Yet, during that same time, organizations and individuals worldwide witnessed and fell victim to similar growth in the prevalence of ransomware attacks. Ransomware and Bitcoin are just the beginning: cryptocurrency as a whole has become much more widely used, and there is an amazingly wide variety, with new types popping up constantly. Ethereum, Litecoin, Dogecoin and more; the list goes on. That said, just as the dark web has purposes beyond malicious intent, the same applies to cryptocurrency. It’s important to understand how these “vehicles” function and how they are used for criminal activity, including ransom payment.

The Canadian Centre for Cyber Security is direct in its assessment of the correlation in the growth of both cryptocurrency and ransomware attacks. “Modern ransomware is dependent upon several technologies (e.g., cryptocurrencies) and services available in online criminal marketplaces, and without them we judge it almost certain that ransomware would be cost-prohibitive for cybercriminals. Ransomware has evolved alongside legitimate sectors of the economy, such as the financial sector, to take advantage of plummeting costs in data storage and computing, increased bandwidth and connectivity, and the creation of an Internet services economy. However, in contrast with legitimate sectors, modern ransomware is dependent upon cryptocurrencies and cryptocurrency-laundering services, and jurisdictions with lax or non-existent laws and law enforcement against cybercrime.”

Advice and resources abound, while several considerations come to the surface. Why do major institutions and corporations still fall victim to ransomware attacks? Whether technical, legislative or otherwise, what strategies would help quickly reduce the volume, success and damage of these attacks? Is it possible to disrupt ransomware attacks through cryptocurrency regulation without capsizing its market? Is the promise of cryptocurrency and its applications so great that they should effectively remain off-limits? To what end? No one has all the answers, but it’s important to pose the questions and use them to navigate the road ahead.

A Closer Look at Bitcoin and Cryptocurrency

Bitcoin is the first type of cryptocurrency to come on the scene. It is a decentralized digital currency that can be bought, sold and used without the use of financial institutions like banks and other intermediaries. “The reason why it’s worth money is simply because we, as people, decided it has value—same as gold,” explains digital financial services expert Anton Mozgovoy.

If you want to take a technical dive, you could describe Bitcoin as a system built on blockchain technology, which is essentially a “distributed digital record,” as Forbes describes it. It is a chain linked together from units of data, or blocks, that hold details on each transaction, including the buyer, seller and “a unique identifying code for each exchange.” So how is this a secure currency? Bryan Lotti of Crypto Aquarium describes these codes as “long, random numbers, making them incredibly difficult to fraudulently produce. In fact, a fraudster guessing the key code to your Bitcoin wallet has roughly the same odds as someone winning a Powerball lottery nine times in a row.”

Bitcoin offers a wide variety of benefits, which is why cryptocurrency as a whole has taken root aside from criminal intent. Investopedia lists advantages such as “low transaction fees and speedier processing, compared to transactions conducted with fiat currencies” as well as being “useful for international transfers and transactions … conducted by those who are unbanked.”

Ransomware and Bitcoin go Hand in Hand

For many researchers, the rise in ransomware and Bitcoin is no coincidence. Bitcoin accounts for a large majority of ransom payments. Regardless of whether an organization attempts to recover data held hostage on its own or resorts to paying the ransom, understanding how Bitcoin works is critical when planning a cyber-attack response. Bitcoin, like other cryptocurrencies, offers a level of anonymity and is a fast form of payment with easy access. Bitcoin gained traction as the currency of choice among threat actors as it’s easy to obtain, and most victims will be able to pay using this currency.

The FBI IC3 report on cybercrime for 2020 showed $29 million in losses from 2,474 ransomware complaints, and these numbers are low considering how many cases go unreported. Lawmakers, regulators and others are looking for lasting solutions to the cybersecurity crisis and setting their sights on the form of payment for these ransom demands, going so far as to urge a ban on cryptocurrency altogether. There are also suggestions that organizations should be banned from paying a ransom and that, in conjunction, the government should step in and provide aid.

It may sound extreme, but measures such as these can’t be completely disregarded when considering recent events. Attacks have gone beyond demanding a ransom from individuals or businesses and have moved to impact a nation’s critical resources. Only a few months ago, the southeastern US couldn't get gas for almost a week. Ireland’s National Health system is still recovering from a May 2021 attack that essentially shut down critical resources and left many with healthcare needs scrambling to find aid. To compound the issue, gaining an accurate picture of ransomware attacks is challenging, as many go unreported. To be fair, many organizations have valid reasons for paying the ransom and not reporting it to authorities, as well as for not alerting investors, customers and secondhand victims.

The Great Debate: To Pay or Not to Pay

It’s a widely advised rule of thumb that victims should never pay up, but answers don’t always come easy once faced with a dire situation. The FBI “does not support paying a ransom in response to a ransomware attack.” Their dedicated ransomware website goes on to say, “Paying a ransom doesn’t guarantee you or your organization will get any data back. It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.”

Adam Darrah, ZeroFox Director of Intelligence Services, provided an empathetic and well-rounded view when it comes to the difficult decision ransomware victims face. In an interview with Infosecurity Magazine, Adam points out several instances in which organizations might consider doing so, including:

  • Not being able to remediate in the time allotted 
  • Losing more money per day than the cost of the actual payment 
  • Operations are essential (people’s lives may be on the line) 

Darrah was also very clear that “the first thing any organization should do when they experience a ransomware attack is contact law enforcement. The second line of defense is to dispatch a third-party organization.” He went on to say that “in ransomware situations, time is of the essence. However, organizations tend to panic and have blinders on to what’s going on around them. In these instances, the best people will not be from within your organization. By working with a third party that specializes in ransomware scenarios and communicating with threat actors, organizations will have the necessary resources to better navigate the payment process. Working with cryptocurrency can be complicated and one mistake can result in an organization being out of a lot of money with even more trouble coming their way.”

If you aren’t a victim of a ransomware attack, know that these attacks are still increasing, and preparedness is critical. Data backup procedures and incident response plans are just a few basic measures to consider. If you aren’t sure where to start, learn more about ransomware using our free resources and reach out to our team of experts for targeted guidance.
