Cryptocurrency ransomware is spreading like wildfire

June 19, 2020

Ransomware attacks involving cryptocurrencies have increased significantly in the past two years. Bad actors are not only becoming more sophisticated, but are also making their tools accessible to less skilled ones. According to experts, such cryptocurrency crimes are particularly common in the midst of the coronavirus pandemic. But how does it all relate, and what can the industry do to eradicate it?

Like any sector, the crypto sector has its share of bad apples. Since 2018, ransomware attacks have increased by 200% worldwide. To make matters worse, the software required for such attacks is widespread on the dark net.

The situation in Singapore is at its peak. So-called “crypto-hijacking” cases, a ransomware method in which criminals hijack devices to mine cryptocurrencies, rose by 300% in the first quarter of 2020 compared to the previous year. For the cyber security company Kaspersky, the increasing difficulty of mining and the associated increase in electricity costs are the cause of the problem. As for why Singapore is disproportionately affected, Kaspersky suggested that the country’s high internet performance may attract bad actors.

But it is not a localized phenomenon at all. According to the “Incident Response and Data Breach Report 2020” by the cyber security company Crypsis Group, ransomware attacks have more than doubled in the past two years.

COVID-19 appears to have been a blessing for cybercriminals. According to a recent meeting of the United States House of Representatives, the FBI has seen a 75% increase in daily cybercrimes since the onset of the coronavirus. Expert Tom Kellermann, head of VMware’s cybersecurity strategy, also reported an unimaginable 900% increase in ransomware attacks between January and May 2020.

Thomas Glucksmann, Vice President for Global Business Development at the blockchain company Merkle Science, explained in an interview with Cointelegraph that the escalation of ransomware and data hijacking attacks could be attributed to the exploitation of pandemic-related anxiety through COVID-19-themed campaigns.

“These campaigns include email or websites promoting counterfeit treatments, government information, and applications that trick users into downloading malicious software that infects devices and can be used to compromise data and networks (via ransomware) and power the computer (cryptojacking).”

Refinement of ransomware attacks

Along with the increase in attacks came more sophisticated techniques and variants. These include Ryuk and Sodinokibi, also known as “REvil”. These particularly insidious ransomware variants deny users access to their device, system or files until a ransom is paid. Both Ryuk and REvil are designed to target business networks. The law firms Fraser, Wheeler Courtney LLP and Vierra Magen Marcus LLP discovered this the hard way.

Both companies were victims of a REvil ransomware attack by the group of the same name. On June 6th, the official REvil blog announced the auction of more than 1.7 TB of data seized from the companies’ databases. The list included information from both the firms themselves and their customers, including business plans and patent agreements from companies ranging from Asus to LG. The starting price of the auction for the Fraser, Wheeler Courtney data was set at $30,000, to be paid in Bitcoin (BTC) only. REvil stated that the files would be published anyway if the price was not reached.

This is not the first time REvil has made headlines. The group previously hit Grubman Shire Meiselas Sacks, the law firm associated with music stars like Madonna, Lady Gaga and Nicki Minaj. However, after receiving no payment, they appear to have changed the way they work and are now raising the stakes for their victims through public auctions.

Another ransomware group known as “Maze” went one step further and targeted the government-owned airline ST Engineering Aerospace. Maze obtained approximately 1.5 TB of data from the organization, of which 50 GB soon reached the dark net. A notable aspect of this attack was that the ransomware was initially undetectable. Another particularly nasty and almost imperceptible type of ransomware, aptly nicknamed “STOP”, encrypts the victim’s entire system and demands payment in return for the decryption.

No wonder ransomware detection and decryption software is becoming more common, because it provides a way to fight and decrypt files that attackers cannot access.

However, bad actors exploit this to their advantage by disguising ransomware as ransomware decryption software. Instead of decrypting files affected by the ransomware attack, the fake software encrypts them further, ensuring that victims have no choice but to pay or suffer permanent data loss.

Ransomware as a service

It is not only sophisticated cybercriminal organizations that have access to these tools. To make matters worse, ransomware is sold openly on the Internet. Ransomware-as-a-service (RaaS) hackers sell their franchise to tech-savvy criminals.

Glucksmann noted that while most RaaS offerings are useless, this new criminal trade supports the ransomware epidemic: “Not all of the malware on sale is really usable, but the existence of these services shows how malware has become such a common commodity and threat.” Similarly, the blockchain analytics company Chainalysis identified RaaS as the reason for the recent surge in attacks. Kim Grauer, head of research at Chainalysis, told Cointelegraph:

“We suspect that the spread of ransomware as a service (RaaS) is contributing to the increase in ransomware attacks. Many attackers who develop ransomware technology are now allowing less experienced attackers to rent access, just like a company would pay a monthly fee for software like Google’s G-Suite. The main difference is that the ransomware developers receive part of the money with every successful attack.”

Fortunately, law enforcement agencies are beginning to gain an edge. According to the cyber security company Trend Micro, the official takeovers of several darknet markets have raised doubts among criminals. With darknet data in the hands of law enforcement, protecting anonymity has become a major concern for criminals, resulting in a significant decrease in darknet sales.

However, Grauer believes the decline was not large enough, since darknet market revenue has already reached $790 million: “We’re not in the middle of 2020 yet, but the dark net market revenue is already more than half the 2019 figure.”

Are things really that bad?

Cryptocurrencies are often stigmatized as tools for corruption. This stereotype has dominated the crypto narrative over the years, serving as a convenient line of attack for cryptocurrency critics. As the evidence suggests, this narrative is not entirely correct.

The association of the industry with illegal activities began, like everything else in the crypto world, with Bitcoin. According to Tom Robinson, co-founder and chief scientist of the blockchain analysis company Elliptic, criminal activity in the early days of cryptocurrencies accounted for more than a third of all Bitcoin transactions by 2012. That number has changed dramatically since then, as Robinson told Cointelegraph:

“The absolute level of criminal use of cryptocurrencies may have increased, but the general use of cryptocurrencies has increased more quickly. According to Elliptic figures, 35% of all Bitcoin transactions in value were activities related to crime in 2012 – at that time it was largely illegal trading on the black market of the Silk Road. Today illegal bitcoin transactions account for less than 1% of all bitcoin transactions.”

However, a CipherTrace report suggests that 2020 could be a record year for crypto theft, piracy, and fraud. For Grauer, it is too early to call it that. “If we look at all of the illegal activity this year, we see that it is actually rather low compared to last year.” Kennedy added: “Fraud cases could increase dramatically in the second half of the year.”

Figure: Total share of crypto exchanged by illegal entities

Avoid ransomware attacks

As a result, more than ever, ransomware attackers are using different methods to avoid getting caught. “It is important that people and organizations stay informed of emerging threats and techniques.” “We can help cyber teams quantify and prioritize the threat landscape and identify emerging actors and those who dominate the scene.” Offering some practical advice, Glucksmann advocated a certain level of paranoia toward every suspicious-looking email, website, application or contact request.

“If you make sure that all personal and business online services are protected by multi-factor authentication, it can also be difficult for a hacker to get your encrypted data or cryptocurrencies, even if they somehow endanger your device. To configure stronger multi-factor authentication, I would recommend a hardware token instead of a mobile device.”

“Do not pay the ransom as law enforcement agencies in many countries may view it as illegal,” Glucksmann hurried to add.