Quick Take: How Cryptocurrency Boosted Cybercrime Racketeering
Cyber attacks using ransomware are on the rise, and ransom payments to hackers are also increasing. Bitcoin and other cryptocurrencies, as well as the exchanges where they can be traded anonymously, have become key tools for cyber extortionists. The huge sums paid by companies to regain control of their computers would have been nearly impossible to move to any other legitimate currency market, experts say.
1. How is crypto used in cybercrime?
A typical ransomware attack against a business or organization might go like this: Executives realize that their company’s website is down or systems are inaccessible, and administrator replacements are not working. A ransom note arrives via email, providing a Bitcoin address where payment must be made if the company wants its systems to be up and running again, as well as a deadline. The victim calls the Bitcoin address, which is 26 to 34 characters long, when they log into a cryptocurrency exchange to make the deposit. (Bitcoin is the most common digital currency, but not the only one, used in ransomware attacks.)
2. What makes crypto attractive to criminals?
The anonymity built into the digital ledger system known as blockchain, which forms the basis of Bitcoin and other cyber currencies, can be exploited by various maneuvers. A ransom paid in Bitcoin can be quickly executed through a so-called cryptocurrency mixer, which obscures the track of ownership by pooling it with other people’s holdings. (While the practice itself is not considered illegal, mixing operators can get into trouble if they launder illegally obtained money.) Another option is to convert the ransom payment into crypto. -different currency via a crypto exchange. So-called money mules can be recruited from dark web forums and asked to withdraw Bitcoins from certain accounts.
3. How much was stolen this way?
Ransomware attacks took off in 2020, when victims paid attackers more than $ 406 million in cryptocurrency, according to blockchain analytics firm Chainanalysis. This year, groups took at least $ 81 million from victims in May, the company said. Cyber security firms claim companies have paid millions more in ransoms that have remained silent. Being insured against cybercrime can make victims more willing to pay ransoms if they are covered by the insurance policy. It is said that hackers who specialize in ransomware actively seek out targets that have insurance.
4. What were cyber thieves doing before Bitcoin?
There have always been a myriad of ways to launder money, that is, to hide its roots in illegal activities. In the past, ransomware payments were made through money transfers through services such as Western Union, prepaid gift cards, transfer of funds to senior bank accounts which are quickly transferred by criminals even from there. money in sports bags left in designated areas for pickup.
5. Can payments made in cryptocurrency be traced?
Yes, at least at the beginning. All Bitcoin transactions, while anonymous, are available to everyone, so someone who follows a particular Bitcoin wallet can observe when the money arrives. But accessing the money inside the wallet requires a private key, essentially a password, and that’s something ransomware groups don’t normally share with anyone outside of their operation.
6. Have ransomware payments been foiled?
Yes. The United States Federal Bureau of Investigation was able to recover 63.7 of the 75 Bitcoins paid by Colonial Pipeline, the operator of America’s largest pipeline, in a Russian-linked ransomware operation because it was able to track the money in more than a dozen transactions. , and most importantly, came into possession of the private key that the hackers had used. (The 63.7 Bitcoins were worth around $ 2.3 million at the time of the FBI’s action.) In the warrant it issued to seize funds, the FBI did not specify how its agents acquired the private key.
7. Can we do something else?
The settlement may be forthcoming. In April, the Ransomware Task Force, a public-private partnership created by the Institute for Security and Technology, released an 81-page report with recommendations on how governments can protect themselves against and respond to ransomware attacks. face. The group urged governments to expand Know Your Customer (KYC), Anti-Money Laundering (AML) and Anti-Terrorist Financing (CFT) requirements – which national and international authorities enforce against banks around the world – to crypto exchanges, kiosks (crypto version of ATMs) and over-the-counter trading tables. Calls for a total ban on Bitcoin have been assuaged by the currency’s gradual acceptance by the financial sector.