Sadly, ransomware profits increased 311% from 2019, Chainalysis reports
Mathew J. Schwartz (euroinfosec) • 25 January 2021
Ransomware now dominates the cybercrime landscape, and one measure of its continued success has been the increase in funds flowing into cryptocurrency wallets controlled by criminals.
Even so, here is some good news on the cybercrime front: “Cryptocurrency-related crime has dropped significantly in 2020,” reports blockchain analytics firm Chainalysis.
This is despite the value of bitcoin topping $28,000 by the end of 2020, before hitting a record high above $40,000 in early January.
“In 2019, criminal activity accounted for 2.1% of all cryptocurrency transaction volume, or about $21.4 billion in transfers,” Chainalysis reports. “In 2020, the criminal share of all cryptocurrency activity fell to just 0.34%, or $10 billion in transaction volume.”
What is behind the decline in the criminal share of all cryptocurrency transactions? One reason is that more and more non-criminals are using bitcoin. “Global economic activity almost tripled between 2019 and 2020,” Chainalysis reports. In addition, the overall volume of scams has declined, it found.
Ransomware profits increase by 311%
Sadly, crime related to darknet markets increased from 2019 to 2020, while profits from ransomware simply increased. “Ransomware made up only 7% of all funds received by criminal addresses, for just under $350 million in cryptocurrency,” Chainalysis reports. “But this figure represents a 311% increase from 2019. No other category of cryptocurrency-based crime has increased so dramatically in 2020.”
One driver of ransomware may have been the massive shift to remote working due to the COVID-19 pandemic, with criminals seeking to exploit potential vulnerabilities in corporate infrastructure, it adds.
The problem is probably much worse than what researchers can currently calculate. Experts say that unless ransomware leads to the exposure of personal data, thereby triggering data breach notification rules, many incidents – and gains – are never reported publicly.
“Ransomware estimates should always be considered lower bounds due to underreporting, and … the 2020 figure for total ransomware payments will likely increase as we identify more addresses associated with different strains, especially in the last months of the year,” explains Chainalysis.
Security researchers Brian Carter and Vitali Kremez, for example, recently identified 61 bitcoin addresses used by Ryuk ransomware operators and affiliates, and found their wallets to contain more than $150 million.
Another example: Chainalysis previously reported that criminal activity in 2019 represented only 1.1% of all cryptocurrency trading volume. Since then, however, it has identified more wallets linked to criminal activity, leading it to update the figure to 2.2%.
Why Criminals Still Love Cryptocurrency
Although the total cryptocurrency funds received by illicit entities declined in 2020, according to Chainalysis, such activity has not disappeared and shows no signs of doing so.
Criminals continue to love cryptocurrency – with bitcoin still dominant – as the use of pseudonymous digital currency allows them to easily receive funds from victims. Cryptocurrency also supports darknet market transactions, with many markets offering escrow services to help protect buyers and sellers from fraud.
Using cryptocurrency, criminals can access a variety of products and services, such as copies of malware or hacking tools, complete sets of credit card details called fullz, and tumbling or mixing services, in which a third-party service or technology launders bitcoins by attempting to mix them, routing them between many addresses. Criminals have also used a legitimate concept called ‘coinjoin’, which is sometimes embedded in cryptocurrency wallets as a feature. It allows users to mix virtual coins while paying for separate transactions, which can complicate attempts to track individual transactions.
Intelligence and law enforcement agencies have some ability to correlate the receipt of cryptocurrency with deposits made to personal bank accounts. But whatever information they might have, it hasn’t been enough to track down and charge all the criminals using cryptocurrency, many of whom live in jurisdictions Western governments can’t reach, like Russia.
In the meantime, extortionists using ransomware have carried out increasingly sophisticated operations. One measure of this is the level of sophistication shown by groups such as Sodinokibi, aka REvil.
“One of the most prolific groups right now, the REvil ransomware gang, actually had an insider who took to the media and reversed some of their operations and basically explained how they work,” says Greg Foss, senior cybersecurity strategist at VMware. “This is how we learned more about their income structure and the number of people who make up these organizations.”
REvil and other groups, including the now-defunct Maze – which appears to have derived from Egregor and may have close ties to the Russian government – are increasingly recruiting specialists in many areas, ranging from network penetration and encryption to negotiations and working with cloud-based data.
Time to ban ransom payments?
Governments have not sat still. Regulators in some countries, for example, have pushed cryptocurrency exchanges to improve their reporting and compliance with anti-money laundering laws. Law enforcement has also cracked down on mixing sites, darknet markets and more.
Some experts, however, say much more needs to be done. Ciaran Martin, who until last August was the CEO of the UK’s National Cyber Security Center, which is the public arm of the GCHQ intelligence agency, argues that ransom payments may need to be banned outright, or at least much more heavily regulated.
In Britain, as in other countries, paying a ransom – except to terrorists – is generally not illegal. But Martin tells The Guardian that one regret from his time as UK cybersecurity chief is not updating laws to better regulate payments to extortionists, especially as ransomware profits have exploded. As a result, he calls for an urgent legal overhaul, including of the insurance industry, as a large part of the profits from cybercrime are funded by victims’ cyber insurance payments.
“Over the past year, experts say this is about to get out of hand,” says Martin. “The law is no one’s fault, it was written for another purpose, but it has become acceptable to pay criminals.”