Ransomware and cryptocurrencies appear intrinsically linked, with the perpetrators of attacks almost always demanding a ransom be paid in Bitcoin or another digital currency. Though the anonymous nature of cryptocurrency makes it an obvious way for criminals to obtain and hide funds, tighter regulation or a ban on blockchain-based currencies is unlikely to stem the tide of attacks, experts told Tech Monitor.
The cybersecurity community has increasingly been highlighting cryptocurrencies as a major enabler of ransomware attacks. A report released earlier this year by the US-based Ransomware Task Force, a coalition of cybersecurity experts from across government, law enforcement and the private sector, states: “The explosion of ransomware as a lucrative criminal enterprise has been closely tied to the rise of Bitcoin and other cryptocurrencies, which use distributed ledgers, such as blockchain, to track transactions.”
But the early ransomware attacks long predate cryptocurrency – the first recorded is thought to have taken place in 1989 – and the rise of Bitcoin and its competitors has simply fuelled the growing trend.
What is the connection between ransomware and cryptocurrency?
Without the existence of cryptocurrencies, ransomware would still be a big problem, says Nick Biasini, head of outreach at Cisco Talos. “If you go way back and start at the beginning of ransomware before it became the pervasive issue that it is today, it was actually not based on cryptocurrencies. The payment system was designed around gift cards or various other types of payment cards that you could operate.”
Much of the malware being used at this time was scattergun, targeting as many random users as it could to maximise the amount of money to be made. “When it originally started, it was designed to just affect random users, like most other malware threats,” says Biasini. In 2021 ransomware has evolved from these humble beginnings into what has been termed ransomware 2.0, or corporate ransomware, with large-scale attacks carried out by organised criminal gangs and targeting corporations, national infrastructure, software providers and their supply chains. Recent examples include the Colonial Pipeline and JBS attacks in the US.
Cryptocurrency should not be thought of as the cause or instigator of these ransomware attacks, but rather the catalyst for their sudden spurt in growth, Biasini says. “Cryptocurrency is like gasoline on a fire that was already burning,” he says. “It was there already, but now look at the size of the flame. Cryptocurrency plays a role in that because it is a very easy mechanism that exists today for monetisation.”
The anonymous nature of cryptocurrency, plus the fact it operates across borders, makes it an ideal tool for criminals. “When cryptocurrencies arrived on the scene, the attackers saw an excellent way to gather money outside of the global banking system, with all their rules, regulation and, importantly, scrutiny,” says Andrew Rose, resident CISO at cybersecurity firm Proofpoint. “Now they could monetise end-user attacks directly, without the need for ‘steal and resell’ models.”
Cryptocurrencies have “enabled ransomware to successfully function as an income stream without adding significant risk to the attacker,” Rose adds. “Internet anonymity, supported by the challenges of cross border cooperation and extradition, make cybercrime a relatively low risk, high profit, career.”
This sort of growth is self-perpetuating, however. While ransomware may have facilitated a frictionless way of monetising such attacks, nothing draws criminals to a trend more than the promise of money, explains Biasini. “It’s hard to say if it’s the cryptocurrency that’s driving the growth or the massive amount of money that’s available,” he says. “What we’ve seen is adversaries follow money. So if there is a huge amount of money to be made, you’re going to see people rush to that landscape.”
Would regulating cryptocurrencies make any difference?
Cryptocurrencies are notoriously difficult to regulate, but finding a way to do this effectively could cut the ransomware threat down to size, says Rose. “One model could be to regulate crypto-exchanges, where coins and regulated money are converted. Insisting that these brokers apply standard financial regulations, such as anti-money laundering or financing terrorism rules, could start to make a difference,” he says. In June the UK Financial Conduct Authority made a move in this direction when it banned crypto-exchange Binance, a move it reiterated last month.
Such bans make it more difficult for criminals to make money out of ransomware, and may curtail the ability of victims to pay the ransom, potentially reducing the appeal to the cybercriminals. But they are unlikely to stop ransomware outright. "There will always be locations that are willing to turn a blind eye to low-level corruption, particularly if they can benefit from that market," says Rose.
Biasini argues that if cryptocurrencies disappeared, ransomware would simply find new ways to profit from attacks. "The cat's out of the bag," he says. "They're going to continue to figure out new ways to get monetised now." Implementing strict regulations on cryptocurrencies would only slow ransomware criminals down briefly. "It may have a limited impact in the short term, because if you make a bunch of drastic changes, that could increase the difficulty," Biasini adds. "But there's so much money to be made and a lot of people involved in this ecosystem, I don't think it would last very long. They would figure out ways around it."
What can be done to fight against ransomware?
The digital world, like the real world, will always have an element of criminality, says Daniels. "We are not going to be able to eliminate cybercrime from the internet any more than we have eliminated physical crime from the physical world," he says. Banning cryptocurrency payments may even make it more difficult for businesses to recover from attacks. "You have to think about this from an enterprise's perspective," Daniels continues. "If you ban payments and they get hit with one of these attacks [and can't pay the ransom], the financial impact on a business could be crippling."
Global cooperation and patience, rather than a cryptocurrency ban, are needed to combat ransomware, Daniels adds. "There is no easy button [to stop] ransomware," he says. "I'm not sure there was ever an easy button for ransomware, but if there was, we have certainly long since passed that point. No one policy solution is going to be sufficient to address this threat." Governments will have to figure out how to coordinate their cyber responses to threats such as these to present a united front against cybercrimes of this scale. "You're going to have to do this as a systemic multi-governmental, public and private sector effort to achieve those goals," Daniels argues.
Saeed Idris Hasan is head of technology at the Blockchain Council, a group of organisations dedicated to the development of blockchain infrastructure. He says large organisations need to rethink their approach to security to stem the tide of ransomware attacks. "The major root cause of ransomware is security lapses at organisations in the implementation of web-based applications," he says. "So if you don't adhere to appropriate cybersecurity rules and regulations, then the ransomware hackers will be able to exploit those vulnerabilities and make an attack. That is where we should put our focus."
Idris Hasan concludes that ransomware is "the cost that we have to pay if we want to stay in the digital world", and adds: "In our real world, we buy insurance, because we understand that there are implications, so we need to protect ourselves like this in the digital world as well."