Cyber Security

A Ransomware Revolution?

Though cryptocurrencies have never been marketed as a stable investment, the recent turmoil across exchanges has led to significant speculation over the future of crypto and what that future may mean for cybersecurity.

Ransomware criminals receive payment via cryptocurrencies to avoid being traced and maintain anonymity. The US Ransomware Task Force said that the “explosion of ransomware as a lucrative criminal enterprise has been closely tied to the rise of Bitcoin and other cryptocurrencies, which use distributed ledgers, such as blockchain, to track transactions.” 

In analyzing data on the growth of cryptocurrencies and the increasing damages caused by ransomware attacks, the two line up well. In 2015, ransomware caused around $6.5 billion in damages. At the same time, crypto was negligible in its share of the market- practically nonexistent. In 2017, there is a significant jump in both, a trend that follows through today. 

It would be easy to think that ransomware and cryptocurrencies are linked looking at this. Ransomware predates crypto by over 20 years, but is its explosion because of the introduction of this new form of fairly untraceable payment or did the two happen to coincide? If the answer is the former, will the significant insecurity in the crypto market following massive heists, scandals, and overall griftiness impact the ransomware market?

Our experts at Consortium Networks do not believe that the ransomware market will be dramatically impacted as some have argued. Though the two are linked, there simply are no other options for sending large amounts of money. These criminals will continue operations to fund their organizations (or themselves) regardless of how uncomfortable it makes their victims to hold the currency. The only losses ransomware groups are likely to see with collapsing crypto exchanges like FTX and BlockFi is the money still held in the exchange. As long as ransomware groups move quickly once payments have been made, they are not likely to see an impact on their bottom line and, therefore, are unlikely to change their behaviors.

So is there any hope for the end of ransomware? Maybe. Unfortunately, as in most things, there is no silver bullet here. Our experts see a few paths forward that will dent the industry enough to impact the decision calculus, and may, over time, in addition to the continued strengthening of defensive systems, chip away at this problem. 

First, rather than going after the exchanges themselves, target regulation towards ancillary services like botnets, hosts, and initial access brokers. If regulators can make ransomware facilitators pariahs that aren’t worth doing business with, it will limit the options available. Additionally, know-your-customer regulation would play into this space, requiring exchanges to do greater due-diligence that would deter criminal groups.

Greater oversight and visibility can impact the market as well. The Netherlands recently proposed a system to track all crypto transactions over €100 in an effort to curb the cost-benefit of paying a ransomware payment. Though this proposed legislation raises many concerns over mass surveillance and privacy, the idea of expanding oversight on this industry is a good one.

The area with the greatest potential for this increased oversight and regulation is at the end of the line. The cash-out step of the process is the most vulnerable and if regulators could make this step more dangerous for criminal actors, perhaps the risk of being caught holding the bag would have an impact on the market.

Whatever path regulators decide to take forward, it must be done on a global scale. The global nature of ransomware and the ease at which companies can relocate to different countries with different regulatory environments requires a multilateral approach to solving this issue. The White House International Counter Ransomware Initiative Summit is a good example of the way that states will need to come together to fight this problem. However, this cannot be an annual conversation that is put to the side throughout the rest of the year.

Combating ransomware will require consistent, international cooperation and will not be solved solely through the self-implosion of cryptocurrency exchanges.