Ransomware is malicious software that takes control of a computer. For example, ransomware encrypts files or threatens to make private data publicly available. The criminal behind the software releases controls only after receiving a ransom payment.
Meanwhile, ransomware attacks have eclipsed many other cybercrime threats and have become the main concern of law enforcement agencies and security experts in many countries. It is a class of malware that prevents the user from accessing the device - usually through unbreakable encryption - until a ransom is paid to the attacker.
In this type of attack, cybercriminals profit not from reselling the stolen information on underground markets, but from the value, victims place on their locked data. Most importantly, criminals profit from the willingness to pay a fee to regain access to the lost data. In this respect, the ransomware business model appears to offer more favourable monetization opportunities than other forms of cybercrime due to its scalable potential and the elimination of intermediaries.
The fight against ransomware
A growing number of government and industry officials facing ransomware see cryptocurrency regulation as key to combating the epidemic. Voices were raised recently in Switzerland, for example, or at the virtual meeting of the Anti-Ransomware Initiative, even though ransomware has been around much longer than Bitcoin and other cryptocurrencies. In any case, there is agreement that the issue of ransomware needs to be addressed.
In June, the U.S. president and G7 leaders agreed that the international community must work together to ensure that critical infrastructure is resilient to this threat. At the NATO conference, they endorsed a new cyber defence policy that will ensure the NATO alliance is ready against malicious cyber activity by state and non-state actors.
The Biden administration took action in September to address the growing problem of ransomware attacks. It expanded its sanctions to take out digital payment systems that have enabled such criminal activity and threatened national security. According to the Treasury Department, ransomware payments exceeded $400 million in 2020, four times higher than the previous year.
5.2 billion ransom paid
On October 15, 2021, the Financial Crimes Enforcement Network (FinCEN) in the U.S. released a report titled "Financial Trend Analysis: Ransomware Trends in Bank Secrecy Act Data between January and June 2021." This report contains some key findings of the relationship between cryptocurrency and ransomware-related financial crimes.
A large portion of this report specifically targets the role cryptocurrencies play in the world of ransomware in 2021. In total, the organization claims to have identified around US$5.2 billion in outbound BTC transactions potentially linked to ransomware payments in the course of its research for the report. To put this in perspective; The trading volume of the first US Bitcoin ETF reached nearly one billion on the first day of trading.
The freedom associated with cryptocurrencies like Bitcoin is commonly seen as one of their benefits. The downside of this freedom is its accessibility to financial criminals such as fraudsters and money launderers. While this is not a problem that affects the average user, it is a big sticking point for regulators and an argument on the side of CBDC proponents.
Not a new phenomenon
Ransomware existed before cryptocurrencies even existed, contrary to the beliefs of many. Ransom-A, a 2006 strain of ransomware, froze victims' computers and released them only after $10.99 was wired via Western Union. Cryzip demanded a $300 ransom, payable via an early digital gold payment system. Another ransomware outbreak in 2011 posed as law enforcement agencies such as London's Metropolitan Police or the Federal Bureau of Investigation and demanded payment via e-money or prepaid cards such as MoneyPak, Ukash or PaySafeCard.
However, while ransom demands were still manageable a few years ago, the trend is now moving in a different direction. Average ransom sums are now around $300,000. Almost 98% of the ransoms demanded via ransomware attacks are paid in Bitcoin or Monero. Criminals have thus found in cryptocurrencies a way to use a widespread and secure form of payment. However, it would be imprudent to attribute this development exclusively to the introduction of cryptocurrencies: In cryptocurrencies today, criminals have found a vehicle to make tracking financial transactions more difficult and bypass cumbersome service providers. Cybercriminals are using these new technologies to enrich themselves, so that's where a lack of security plays a role. After all, transporting money after a bank robbery works a lot easier if you use a car as the getaway vehicle instead of a carriage.
Cryptocurrencies are not the starting point for criminals
Therefore, if there were no attacks, no data would be compromised and there would be no transaction of ransom. Cryptocurrencies thus serve as a tool for cybercriminals, but not as a starting point for the criminal business. Security from ransomware plays a large role and is often used politically in the fight against largely unregulated cryptocurrencies. It is much more important to understand where security vulnerabilities lie.
Since launching a ransomware attack is not particularly expensive, but defensive measures are much more costly in comparison, cybercriminals have a big advantage. In addition, there is a shortage of skilled personnel in the IT security industry, which drives up salary levels and thus prevents smaller companies from being able to protect themselves optimally. Ransomware is therefore not only a technical problem but also a social and economic one, which is likely to become bigger rather than smaller as global inequality and digital networking continue to grow.
Misplaced priorities fuel attacks
"The past twelve months have underscored that the threat posed by cybercriminals to a digital society continues to grow," it then goes on to say in the report on the state of IT security in Germany 2021, which the German Federal Office for Information Security (BSI) presented with media attention. It mentions several times how important the IT Security Act is in this context. Among other things, it obliges companies to report incidents, but also to prove their system security beforehand. Vulnerabilities in software are still an important gateway for malware. In February 2021, 553,000 malware variants were discovered in one day, according to the federal office.
Errors in the software then make it possible for criminals to penetrate networks or infiltrate malware. This is particularly serious if the gap is in software that is used by many institutions - because they are then all vulnerable at the same time. In this case, it was missed to hold the manufacturers accountable and to establish the liability for faulty software demanded by experts.
Global Encryption Day
Global Encryption Day is an opportunity to tell governments around the world that protecting and strengthening encryption is critical to making the Internet safer for their citizens. It will send a message to governments to abandon plans that would weaken encryption and the Internet as a whole by granting law enforcement special powers to access private data on encrypted platforms.
"With its plans to break secure encryption, the EU Commission is actually putting the overall security of our private communications and public networks, trade secrets, and state secrets at risk for short-term surveillance desires. Opening the door to foreign intelligence services and hackers is completely irresponsible." - Patrick Breyer, MEP
Encryption not only protects data from unauthorized access but also rebuilds trust in email traffic. Encrypted emails carry their information in an envelope, marked with sender and recipient. This not only preserves digital postal secrecy but also verifies the sender and more easily prevents phishing attacks.