Ransomware

To pay or not to pay—the debate about whether to pay ransomware attackers rages on. But at the end of the day, it’s all theoretical—until you get hit. This was the case with JBS Foods, the largest supplier of meat in the world. Like many companies, they chose to do what some consider unthinkable: They paid the ransom. And the price was steep: $11 million.

In exchange, they got a decryptor program to regain control of their system, which the infamous ransomware gang REvil had been holding hostage. REvil also promised they wouldn’t leak JBS files to the public.

In a report, JBS said it got most of its systems back up and running without paying the ransom, but it chose to pay the ransom to keep its files safe, in particular, to “mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated.” Like in many other ransomware attacks, the criminals demanded payment in cryptocurrency, and JBS complied.

The rise of cryptocurrency and ransomware, while not exactly parallel, are interrelated. As a result, cybercrime and crypto have a complicated, unsettling relationship.

The Evolution of the Crypto Market

The crypto market had humble beginnings, with a pizza purchase using bitcoin on May 22, 2010. But the evolution from fast food to ransomware payments is both unsurprising and linear.

Why Crypto Has Become Popular

If you’ve ever had to pay someone in another country using cash, you have an intrinsic understanding of why cryptocurrency has become such a hot commodity. How much did you have to pay in exchange fees? Did you have to go to a bank or exchange teller to switch currencies? If so, how long did that take? Perhaps you wired cash to the person. How much did you pay? Or maybe you used Western Union. How much did that cost, and how long did the recipient have to wait in line at the store? Did they feel safe as they walked out of the shop with a wad of cash bulging out of their back pocket?

The list of issues connected to traditional money transfers abound. If you had paid with crypto, the entire transaction could have taken less than a minute, no matter where you were sending the money to, and the fees would have been pennies or less.

That’s just one example. Others have devoted their financial attention to crypto because of its decentralized nature: no more expensive fees and unreliable banks or middlemen. And many have fallen in love with the immutable nature of the blockchain: Transactions are permanent, and they can’t be faked unless someone gains control of at least 51% of the computers that validate transactions.

The Key to the Rise of Crypto: Blockchain Technology

If it weren’t for blockchain developers, the skyward climb of crypto may have stalled somewhere along the way. Developers came up with cryptocurrencies such as ETH on the Ethereum blockchain that, like bitcoin, enabled international transactions with extremely low fees. But, unlike bitcoin, they were nearly instantaneous.

The enablement of faster, easier transactions paved the way for a wide range of other blockchain-based applications that empower users to do things that would otherwise be impossible.

For example:

  • People can use the blockchain to purchase real estate, digitizing the paperwork and requirements while removing expensive middlemen to save tons of money.
  • Because you can accord any computerized file a unique identity on the blockchain, artists can collect royalties on their work without worrying about others getting paid for a copy of their intellectual property.
  • Non-fungible tokens (NFTs) open the possibility for truly unique works of art with their one-of-a-kind identity stored and verified on the blockchain.
  • Suppliers and manufacturers can also assign crypto tokens to individual products, and then use them to track how they move through the supply chain. This is to combat the creation and sale of knock-off products that reduce the value of the real thing. Because the knock-offs aren’t tokenized, even if a fraudster creates a fake label that takes the buyer to the blockchain, what the buyer sees won’t match the identity of the authentic product.

So even though bitcoin is popular, it’s the ubiquitous nature of these other applications that continue to give crypto its power. The result has been a meteoric climb in the size of the cryptocurrency market.

Cryptocurrency Market Size and Trends

The value of the crypto market has jumped from a mere $25 billion in March 2017 to just under $1 trillion in June 2022. And according to experts, the growth isn’t going to stall.

Fortune Business Insights is projecting a compound annual growth rate (CAGR) of 11.1% between 2021 and 2028. This forecast comes despite a considerable slump due to the COVID-19 pandemic and its effects on a range of economic elements. Cryptocurrency enterprises have had to lay off employees and cut back on costs just to survive. Elliptic, for instance, had to lay off 30% of its staff in the United States and the U.K.

Still, that hasn’t tempered expert projections. Much of this confidence may be buoyed by the ways crypto is being used. For example, it’s no longer just a vehicle for simple peer-to-peer transactions—it’s also become a trading tool for both retail and institutional investors. Trading activity is far more popular than peer-to-peer transactions, making up 42.8% of all crypto activity in 2020.

This is one reason why crypto has gone from a cool, digital anomaly to a legitimate economic tool. On the other side of the crypto coin, however, is abuse by cybercriminals.

The Impact of Cryptocurrency on Cyberattacks and Ransomware

Cryptocurrency is a hacker’s best friend—not because it’s fast and digital, but because it enables completely anonymous transactions. Here’s how it works—and how it empowers cybercriminals.

When you use a traditional bank, the tools you use, including your checking account, bank card, checkbook, and savings account are all directly linked to your identity. You need at least one form of ID to open an account, and you may have to present identification when you make purchases and withdrawals.

How the Blockchain Allows Cybercriminals to Hide

On the blockchain, there’s no link between who you really are and the funds you have or the transactions you engage in. In other words, there’s only an account number, which is your crypto wallet. You can get your own wallet in a matter of minutes for free, and you can make new wallets as you wish, without restriction. And there’s never a link between your wallet and who you are.

Granted, serious criminals may have to take a few extra steps to conceal their identities from authorities, but this isn’t difficult. For example, they may use virtual private networks (VPNs) to disguise where they are and the computer they’re using while engaging in illicit activity. They may also avoid making credit card purchases on crypto exchanges, which may require ID.

But it’s not hard to hide on the blockchain. This means a cybercriminal can extort money from companies, accept payments for the malware they manufacture, and take money for the intellectual property they steal without leaving a paper trail.

Cryptocurrency and Ransomware: A Match Made in Criminal Heaven

The anonymous nature of the blockchain makes crypto an ideal payment solution for ransomware criminals. When a victim makes a payment in bitcoin, there’s no bank account number linked to a real person. You just enter the criminal’s crypto wallet data, and within moments, the funds are in their account.

They can then distribute this money any way they want, sending it to other wallets as they wish, and these can belong to them, another organization, or individual accomplices.

Can Cyber Insurance Help?

Cyber insurance can greatly benefit companies that have been hit by a ransomware attack. It can help them cover the costs of:

  • Ransomware settlement payments the criminals demand
  • Remediating damage done to their systems by an attack
  • Lawsuits initiated by customers whose personal or financial data has been stolen
  • Reimbursements to companies or people who have been victimized because their financial data was stolen

But cyber insurance can also do more harm than good. Cybercriminals are more likely to target organizations with cyber insurance—because they know these companies have the financial backing to pay hefty ransoms.

Does Crypto Make Ransomware Worse?

Despite its innumerable benefits, cryptocurrency also makes it easier for cybercriminals to extort money from ransomware victims. But is it fair to blame a tool for the actions of those who abuse it? Are cars to blame for drunk driving accidents?

If the world went back to horses and buggies, the number of deaths due to drunken drivers would undoubtedly plummet. Banning crypto and doubling down on the expensive, time-consuming transactions inherent to traditional banking may not be the best answer to the ransomware problem. Fortifying cyber defenses and educating employees on how to avoid attacks may be a more powerful, longer-lasting deterrent for cybercriminals.

Leave a reply

Please enter your comment!
Please enter your name here