Cryptocurrency is fueling the ransomware boom. Here’s how to protect yourself

Cryptocurrency was once positioned as a futuristic alternative to traditional fiat money – a decentralized, digital currency that marked the next big step in the digitization of the world.

But today, the single biggest practical use of cryptocurrency is as a money laundering vehicle for cybercriminals. This fact has helped fuel a ransomware boom that has affected two-thirds of organizations worldwide – and makes it even more important for organizations to know how best to prepare themselves to deal with the global crisis. How to keep safe from

Crypto has changed the game of ransom and cyber fraud

Not too long ago, criminals negotiated ransoms entirely through physical, even face-to-face encounters: from leaving duffel bags of cash in a public place for victims to in-person exchanges of ransoms. It is almost hard to imagine that today’s criminals would be willing to expose such elaborate and extorting ransom exchanges – an activity that was so noxious in some parts of the world that it led to bans on the payment of ransom to discourage criminals. Also gave birth to the law that imposes.

It is hard to imagine today’s cyber criminals going to this extent, as they simply do not have the wherewithal to do so. Your average ransomware group doesn’t need to plan drop-off points for ransom or navigate the logistics of picking up and transporting large amounts of cash.

Cryptocurrency offers a much faster and easier avenue. Victims are asked to pay a ransom in bitcoins. Payments happen anonymously, obscuring who it’s actually going to. At this point, criminals will transfer the stolen funds to “launder” or “wash” the currency, usually through bitcoin tumblers.

They can move funds to more privacy-enhancing currencies like Monero and eventually back to something more liquid. In the end, we often don’t know where it ends, as crypto laundering is often impossible to solve.

more attractive, less chance of detection

The way crypto has increased the payback of cybercrime, it has also changed the nature of cybercriminals’ fraud schemes. Cyber ​​criminals make hundreds of millions of dollars from credit card fraud, the e-gold Ponzi scheme, the GreenDot MoneyPack scheme, and gift card fraud from some of the largest retailers.

But individually, these schemes often fail to net more than a few hundred dollars. They’re also incredibly complicated to withdraw and are fraught with the risk of detection or outright cancellation by the bank – or the retailer being ripped off.

All these schemes have been phased out by ransomware due to cryptocurrency. The proliferation of bitcoin and bitcoin ATMs made it easier to acquire, mine and trade digital coins, but gave the green signal for the modern ransomware attack.

Suddenly it became incredibly easy to extort thousands or millions of dollars per attack from victims. The addition of anonymous online payments also removed the risk of attackers being exposed in physical exchanges, and helped eliminate the ability to identify and hold attackers accountable.

The State Of Cryptocurrency And Ransomware In 2022

Today we have a global ransomware boom inspired by cryptocurrencies. Our new research shows how dire the ransomware landscape has become:

• From 2020 to 2021, the share of organizations worldwide attacked by ransomware nearly doubled from 37% to 66%.

• Over the same period, the average ransom per attack increased nearly five-fold, with more than $800,000 now being collected from victims. Additionally, the number of attacker organizations that paid more than $1 million in ransom nearly tripled, from 4% to 11%.

• At the same time, the share of ransoms of $10,000 or less decreased from 34% to 21%. Ransom is becoming more financially onerous, as smaller schemes fizzle out and larger payouts for attackers add up.

• The average cost of recovering from a ransomware attack is $1.4 million, with a time-to-recovery time of up to a month.

• An overwhelming number of victims (90%) say ransomware affects their ability to operate, and 86% say it causes them to lose business or revenue.

• Nearly half (46%) of attacked organizations paid the ransom, even when they had other means of data recovery available.

culmination of factors

After all, ransomware attacks are hurting more organizations and the ransom is getting bigger. And bad actors can get away with it because cryptocurrency has made it easier and faster than ever to make anonymous ransom payments to attackers. When about half the victims are willing to pay and collecting payment is so easy, what incentive is there for a ransomware attacker to stop?

Anti-money laundering regulations and “know your customer” rules could theoretically help make cryptocurrencies less viable as a dumping ground for ransomware profits. But despite both US government action and international cooperation, cryptocurrency will continue to reward and accelerate ransomware activity.

This is largely thanks to a combination of foreign governments turning a blind eye to cybercriminals within their borders. This enables cryptocurrency exchanges with lax identity enforcement, verification schemes that continue to operate in countries affiliated with us and easy access for ransomware groups to launder stolen digital coins in fiat currencies.

The best offense against ransomware is a multi-layered defense

As always, the best tools we have against the growing global ransomware crisis are to help organizations prepare for an attack – and position them for a quick and relatively painless recovery.

• Back up your data and practice restoring your data from those backups regularly: A ransomware attack should not be the first time data restoration is detected. The more experience you have, the less intrusive the data recovery process will be for your organization – and the less tempted you’ll be to pay the ransom.

• Deploy Active Threat Hunting: Proactive threat detection helps you identify and stop ransomware groups before they can execute attacks. If you do not have the resources for this, enlist external managed detection and response (MDR) specialists who can do this for you.

• Develop incident response and business continuity plans: Having a clear and actionable roadmap to follow in the event of a ransomware attack reduces the chances of making rash decisions in the heat of the moment. Planning ahead can help prevent regret later.

• Install and regularly update high-quality security controls: Protecting all endpoints within your environment reduces the potential for ransomware infection.

• Patch and carefully monitor critical server assets: Your mission-critical assets are what ransomware criminals need control over. Make sure all server and application infrastructure is up to date with security fixes and protected by your most advanced security tools. Any gap will give the offenders a foothold that they can widen into a full blown attack.

Don’t be tempted by the path of least resistance

Lastly, don’t pay the ransom. For organizations such as hospitals or utility providers, the threat of machines being encrypted and forced to cease operations can literally be a matter of life and death. It’s tempting to bite the bullet and pay the ransom as the path of least resistance. But paying the ransom only injects more money into the crypto-ransomware economy and encourages ransomware groups to attack.

Additionally, you have no guarantee that attackers will actually decrypt your data. While most victims who pay get some of their data back, it’s rarely enough to prevent the need for a full restore from backup. Worse, it marks you as a target for future ransomware groups.

Ransomware attacks will become more intense in the near future, in part because cryptocurrencies have made it easier for attackers. Any organization can get caught in the crosshairs. No matter the industry, the best organizational offense is a proactive defense.

Chester Wisniewski is Field CTO of Applied Research sophos,