From WannaCry to Locky to Spora to CryptoLocker, today’s ransomware attacks can take down businesses in minutes. In the early days of ransomware (which was just a few years ago) victims were instructed to send payments by Western Union or directed to purchase a prepaid MoneyPak, PaySafe or Ukash card which were sold at various retail outlets. Victims were then told to send the attackers the corresponding 14-digit voucher code, which allowed them to redeem those vouchers for cash. Though these payment schemes were more cumbersome to trace, investigators were still able to connect the dots during an investigation. These payments did not scale well for big cybercriminal operations, especially those outside of the United States. In order for ransomware attacks to be more lucrative, a better method of transferring funds was required.
Now, thanks to the creation of cryptocurrencies such as Bitcoin and Ethereum, cyber criminality has become a whole lot easier. Cryptocurrencies such as Bitcoin are borderless digital currencies that do not involve governments or intermediaries and their value is not determined by a central bank. It is a decentralized currency that is completely anonymous, yet highly secure as each transaction is encrypted and the currency cannot be counterfeited. Anyone can exchange these currencies with anyone in the world with no concern of exchange rates, hidden fees or delays.
Bitcoin transactions are logged in what is called a blockchain that is a distributed public ledger that contains the history of every bitcoin transaction. These blockchains are managed by “miners” as they are called, which perform these functions in exchange for payment. Cryptocurrency transactions are fast, inexpensive and irreversible. Because a Bitcoin transaction cannot be undone, losses cannot be recovered which is a key attribute that benefits scammers. Those who want to make cryptocurrency transactions must possess a digital wallet, which stores a private key and coincides with the public key of the currency. Bitcoin is the most recognized cryptocurrency but there are actually more than 700 of them in circulation today. The legitimacy and popularity of Bitcoin has not gone unnoticed by some retailers, which are now accepting Bitcoin for retail transactions.
The anonymity of Bitcoin and other cryptocurrencies attracts libertarian-minded individuals, those who peddle in the black markets of the dark web and those that deal in extortion based criminalities such as the distribution of ransomware. Since cryptocurrencies are not regulated, there is no one who can investigate fraudulent or illegal engagements of the currency. The FBI has reported enormous growth in the number of cases using cryptocurrencies such as Bitcoin and newer currencies such as Merano. Merano is growing in popularity with cybercriminals and hackers due to its enhanced privacy features. If we compare the increase of ransomware attacks with the increased value of Bitcoin over the last twelve months, we find they both have experienced growth rates of between two-thousand and six-thousand percent. Coincidence? Combine the anonymous nature of cryptocurrency with the ease to which just about anyone can become a cybercriminal today thanks to readily available tools such as Ransomware-as-a-Service and you have a perfect storm.
These cryptocurrencies such as Bitcoin and Merano are now the legal anonymous tender used by hackers in their ransomware attacks. In the recent Kirk ransomware attack Monero cryptocurrency was requested not Bitcoin. With Monero the embedded code is very efficient and is the creation of a team of skilled programmers. The Monero cryptocurrency exponentially grew by 27-fold in 2016 and is beginning to establish itself as a viable alternative to the default cryptocurrency leader. Its growing popularity amongst the dark web black market is due to its increased steal ability which makes it more private and elusive.
It is these factors that make Monero the first choice amongst sinister characters such as drug and gun dealers on the dark web. Perhaps the developers of Kirk believe that Bitcoin has become too mainstream, especially with the interest of public investors who are looking at Bitcoin as a financial venture. In the short term, ransomware developers run the risk of users becoming even more confused concerning the process of actually how to pay the ransom with multiple cryptocurrencies being utilized. Kirk developers are currently demanding a ransom of 50 Monero at the outset of the attack which is roughly $1,072 (£867). The fee increases as time goes on until upon the 31st day of the infection, the decryption key is permanently deleted as stated in the ransom note.
Ransomware attacks have become so prevalent today that many financial institutions such as European banks now stockpile bitcoin as a hedge against ransomware attacks in order to speed the recovery process of an attack. All of this has helped to drive up the value of Bitcoin, which some argue, propagates its popularity even more.
The skyrocketing value of cryptocurrencies has caught the attention of the public at large and has induced many to try to take advantage of the “easy money” that seems to be made currently. Because cryptocurrency is such a new phenomenon, most people know very little about it, making them highly vulnerable to frauds and misdealings. This situation has resulted in another perfect storm that scammers and cybercriminals are now taking advantage of them. Bitcoin scams can now be readily seen on social media sites such as Facebook or Twitter, targeting those interested in buying and selling Bitcoins for profit. Some of these ads simply promote a hyperlink that when clicked, deploys malware onto the device of the unsuspecting user.
Cryptocurrencies are also a growing allure of phishing attacks as well. Users receive emails that direct them to websites that impersonate existing initial coin offerings (ICO) sites. Because users are unfamiliar with the actual domain names of these organizations, typosquatting attacks are more effective. Phishing attacks that attempt to entice users to enter their Bitcoin keys are also becoming more frequent. Once the key is entered, the victim’s wallet is emptied.
Cryptocurrenies are becoming mainstrean with the University of Ohio hosting classes about Bitcoin and other cryptocurrencies on its MFE curriculum. Some companies are seeing investment opportunities in the currency, further fueling its passage to mainstream acceptance and usage. Whether cryptocurrencies will be the new norm in the future, it’s too soon to tell. But we are seeing a widening appeal for these currencies outside of the cybercriminal world.
Are you an IT professional that wants to ensure sensitive data and devices are protected? Talk to a specialist, email us at email@example.com with any questions.
Sign-up for email updates...
Call us on USA +1 813 304 2544 or IRL +353 91 545555Contact Us