Cryptocurrency was once positioned as a future alternative to traditional fiat currency – a decentralized digital currency that marked the next big step in digitizing the world.
But today the greatest practical use of cryptocurrency is as a money laundering vehicle for cyber criminals. This fact has helped fuel a ransomware boom that has hit two-thirds of organizations globally – and made it all the more important for organizations to know how best to protect themselves in the face of what has become a global crisis.
Crypto has changed the game for ransomware and cyber fraud
Not so long ago, criminals negotiated ransoms through all-physical, even face-to-face encounters: from dropping duffel bags full of cash in a public place to exchanging ransoms for victims in person. It’s almost hard to imagine that today’s criminals would be willing to endure such elaborate and revealing ransom exchanges – an activity so pernicious in some parts of the world that it has even prompted legislation to prohibit ransom payments outright to deter criminals.
The reason it’s hard to imagine today’s cybercriminals going that far is that they simply don’t have to. Your average ransomware group doesn’t need to plan a ransom drop point or handle the logistics of collecting and transporting a large amount of cash.
Cryptocurrency offers a much faster and easier avenue. Victims are asked to pay the ransom in, say, Bitcoin. Payment is made anonymously, obscuring who exactly it goes to. At this point, criminals will typically move the currency through Bitcoin tumblers to “launder” or “wash” the stolen funds.
They can transfer the money to more privacy-friendly currencies like Monero and eventually go back to something more liquid. In the end, it’s often unclear where it ends up, as cryptocurrency laundering is often impossible to untangle.
More lucrative, less chance of detection
The way crypto has disrupted cybercrime payouts has also changed the nature of cybercriminals’ fraudulent schemes. Credit card fraud, e-gold Ponzi schemes, GreenDot MoneyPak schemes and gift card fraud from some of the biggest retailers cumulatively earn cybercriminals hundreds of millions of dollars.
But individually, these schemes often fail to fetch more than a few hundred dollars each. They are also incredibly complex to perform and pose the risk of detection or outright cancellation by the bank or the retailer being ripped off.
All of these schemes have been displaced by ransomware because of cryptocurrency. The proliferation of bitcoin and bitcoin ATMs has made it easier to acquire, mine, and trade digital coins, while giving the green light to the modern ransomware attack.
Suddenly it became incredibly simple to extort victims for thousands or millions of dollars per attack. The addition of anonymous online payments also eliminated the threat of attackers being exposed in physical exchanges and helped eliminate the ability to identify attackers and hold them accountable.
Cryptocurrency and the state of ransomware in 2022
What we have today is a cryptocurrency-fueled global ransomware boom. Our new research shows how bad the ransomware landscape has become:
- From 2020 to 2021, the share of organizations worldwide attacked by ransomware nearly doubled, from 37% to 66%.
- Over the same period, the average ransom per attack has increased nearly fivefold, now extorting more than $800,000 from the victim. Additionally, the number of attacked organizations paying more than $1 million in ransoms nearly tripled, from 4% to 11%.
- At the same time, the share of ransoms worth $10,000 or less fell from 34% to 21%. Ransoms are becoming increasingly financially burdensome as the petty schemes fade and the big payouts for attackers skyrocket.
- The average cost to recover from a ransomware attack is $1.4 million, with a recovery time of up to a month.
- An overwhelming majority of victims (90%) say ransomware impacts their ability to function, and 86% say it causes them to lose business or revenue.
- Nearly half (46%) of attacked organizations paid the ransom, even when they had other means of data recovery.
A combination of factors
Ultimately, ransomware attacks are hurting more organizations and ransoms are increasing. And bad actors can get away with it, because cryptocurrencies have made anonymous ransom payments to attackers easier and faster than ever. When nearly half of victims are willing to pay and collecting payment is so easy, what incentive does a ransomware attacker have to stop?
Anti-money laundering regulations and “know your customer” rules can theoretically contribute to making cryptocurrencies less viable as a dumping ground for ransomware gains. But despite US government action and international cooperation, cryptocurrency will continue to reward and accelerate ransomware activity.
This is largely thanks to a combination of foreign governments turning a blind eye to cybercriminals within their borders, cryptocurrency exchanges with lax identity enforcement and verification systems that continue to operate in countries ostensibly allied with ours, and the great ease of laundering stolen digital coins into fiat currencies for ransomware groups.
The best ransomware offense is a layered defense
As always, the best tools we have against a growing global ransomware crisis are those that help organizations prepare for an attack and position them for a quick and relatively painless recovery.
- Back up your data and regularly practice restoring your data from these backups: A ransomware attack should not be the first time you try to restore data. The more experience you have, the less the data recovery process will disrupt your organization and the less tempted you will be to pay the ransom.
- Deploy proactive threat hunting: Proactive threat detection helps you identify and stop ransomware groups before they can execute attacks. If you don’t have the resources, hire external experts in managed detection and response (MDR) who can do it for you.
- Develop incident response and business continuity plans: Having a clear and actionable roadmap to follow in the event of a ransomware attack reduces your chances of making rash decisions in the heat of the moment. Planning ahead can help prevent regret later.
- Install and regularly update high-quality security controls: Protecting all endpoints in your environment reduces the likelihood of ransomware infection.
- Patch and carefully monitor critical server resources: Your critical assets are what ransomware criminals need control over. Ensure all server and application infrastructure is up to date with security patches and protected by your most advanced security tools. Any gaps will give criminals a foothold they can expand into a full-fledged attack.
Don’t be tempted by the path of least resistance
Finally, do not pay the ransom. For organizations such as hospitals or utility providers, the threat of machines being encrypted and forcing an operational shutdown can be a matter of literal life or death. It’s tempting to bite the bullet and pay the ransom as a path of least resistance. But paying ransoms just pours more money into the crypto-ransomware economy and incentivizes ransomware groups to keep attacking.
Also, you have no guarantee that attackers will actually decrypt your data. While most victims who pay get some of their data back, it’s rarely enough to avoid the need for a full restore from backup. Worse still, it marks you as a target for future ransomware groups.
Ransomware attacks will only intensify in the near future, in part because cryptocurrencies have made it easier for attackers. Any organization can be caught in the crosshairs. No matter the industry, the best organizational offense is proactive defense.
Chester Wisniewski is Technical Director of Applied Research at Sophos.