Bitcoin extortion: How cryptocurrency has enabled a massive surge in ransomware attacks


The deactivation of Colonial Pipeline operations last week underscored the threat that malicious hackers pose to critical infrastructure in the US and highlighted the usefulness of cryptocurrency for cyber criminals who seek to extort large sums of money in an efficient and easy-to-hide manner.

The episode is likely to spark even greater interest in regulating Bitcoin and other cryptocurrencies as law enforcement tries to track down the culprits and policymakers hope to prevent similar attacks, according to Yonatan Striem-Amit, Chief Technology Officer at cybersecurity company Cybereason.

“There is a war going on over how Bitcoin should be regulated,” he said in an interview with MarketWatch. “We don’t yet have an equivalent for anti-money laundering laws in cryptocurrency as we have for the existing financial system.”

The Wall Street Journal and other outlets reported that Colonial Pipeline paid the hacking group, which is affiliated with a criminal ransomware operation called DarkSide, around $5 million to restore its stolen data. Experts told MarketWatch that the payment was likely made directly to a criminal group’s digital wallet, a method that would make it difficult for authorities to track down the culprits. A Colonial Pipeline spokesman declined to comment on the payment as the matter is the subject of an ongoing investigation.

The Ransomware Task Force, an international coalition of government officials, private sector technologists, and law enforcement agencies, found in a report released last month that cryptocurrencies are “increasing” the challenge of tracking down ransomware criminals because of the “limitless” nature of these types of digital money.

“The cryptocurrency community is specifically focused on building a range of technologies to reduce compliance and financial litigation costs,” the report said. “After hiding the extorted funds, ransomware criminals can either withdraw the funds for cash or, as cryptocurrencies are becoming more common (and their value has steadily increased), keep their profits in cryptocurrency and use them to pay for other illegal activities.”

The Task Force recommended that regulators broaden their definitions of which companies must comply with anti-money laundering and know-your-customer rules. In 2019, the Treasury Department, the Securities and Exchange Commission, and the Commodity Futures Trading Commission defined crypto exchanges as money service providers and therefore subjected them to these rules.

However, exchanges based in countries outside of the United States and other services that enable the transfer of cryptocurrency are not monitored by these regulators. Tom Robinson, co-founder and chief scientist of blockchain analytics and compliance firm Elliptic, told MarketWatch that regulation that is too aggressive could simply mean more activity for these services. “There are ways to buy bitcoin without going through regulated exchanges and you would just push people into these unregulated services,” he said.

Robinson added that, due to the decentralized nature of cryptocurrency, international collaboration is paramount in catching bad actors. Because the payment was reportedly made in Bitcoin rather than in privacy-focused currencies like Monero, Robinson says law enforcement officials can better keep track of where the Bitcoin ransom went and where it will ultimately be spent.

The Biden administration has stated that it believes the hack was perpetrated by cyber criminals in Russia, a country whose relations with the United States are frayed and with which no extradition treaty is in place, making it even less likely that American law enforcement officers will ever get their hands on the perpetrators.

It is possible that the Russian government is also taking this episode seriously. Cyber intelligence company Intel 471 said in a blog post on Friday that in the past 24 hours it has “observed numerous ransomware operators and cybercrime forums either claiming their infrastructure has been taken offline, changing their rules, or giving up ransomware entirely due to the large amount of negative attention ransomware has received over the past week.” However, it is not certain where these criminals are or why this infrastructure is shutting down.

Ransomware attacks remain a growing threat to private and public institutions around the world. According to Reuters, the Irish health service had to shut down its IT systems on Friday due to a ransomware attack.

According to Chainalysis’ 2021 Crypto Crime Report, the total value of criminal cryptocurrency transactions decreased dramatically in 2020 compared to 2019, but this activity is increasingly being driven by ransomware attacks.

“Last year, ransomware made up just 7% of all funds received by criminal addresses, at just under $350 million worth of cryptocurrency. However, this figure corresponds to an increase of 311% compared to 2019,” the report said. “No other category of cryptocurrency-based crime rose so dramatically in 2020, as work-from-home measures initiated by Covid opened up new vulnerabilities for many companies.”