Don’t blame crypto for ransomware


Hackers will keep hacking as long as organizations are vulnerable — crypto is not an exception.

Recently, gas has been a hot topic in the news. In the crypto media, it’s been about Ethereum miner’s fees. In the mainstream media, it’s been about good old-fashioned gasoline, including a short-term lack thereof along the East Coast, thanks to an alleged DarkSide ransomware attack on the Colonial Pipeline system, which provides 45% of the East Coast’s supply of diesel, gasoline and jet fuel.

In cases of ransomware, we generally see a typical cycle repeat: Initially, the focus is on the attack, the root cause, the fallout and steps organizations can take to avoid attacks in the future. Then, the focus often begins to turn toward cryptocurrency and how its perceived anonymity helps to increase ransomware attacks, inspiring more cybercriminals to get into the game.

However, taking a look at the macro picture of cybersecurity attacks, we see some trends that have been emerging. For example, losses from cyberattacks grew 50% between 2018–2020, with the global losses adding up to over $1 trillion. It’s an unavoidable conclusion that speaks to the pervasiveness of security vulnerabilities available to exploit.

Related: Report on crypto exchange hacks 2011–2020

The rise in cybercrimes is also spurred on by the availability of ready-made, off-the-shelf malware easily found on the dark web for those with little skill, but who still want to profit off of the free-money opportunities unsecured organizations present. Importantly, criminals themselves have continued to evolve their strategies to evade defensive security tactics, techniques and procedures (TTPs) to ensure they can continue to be profitable. Should cryptocurrency no longer be a viable option for payment, attackers would almost certainly pivot to a different payment approach. The thought that they would simply stop attacking these organizations without crypto defies credulity.

The “root cause,” if you will, of these events is not the payment method used to reward the criminals, it is the security gaps that enabled them to breach the enterprise and, obviously, the fact that there are criminals out there committing these crimes.

With ransomware trending itself (and within the DarkSide attack), we see this ever-shifting modus operandi demonstrated. In the early days of ransomware, it was relatively cut and dry: A cyberattacker finds a way into the enterprise — most often via a social engineering attack, such as a phishing email or unsecured remote desktop protocol — and encrypts the victim’s files. The victim either pays the ransom via a wire transfer or crypto, and in most cases, gets the decryption key, which usually (but not always) decrypts the files. Another alternative is that the victim chooses not to pay and either restores their files from a backup or just accepts the loss of their data.

Cyber attack’s tactics

Around late 2019, more enterprises were prepared with backup strategies to meet these threats and declined to pay. Ransomware actors, such as the Maze ransomware group, emerged, evolved and shifted tactics. They began to exfiltrate data and extort their victims: “Pay, or we will also publically publish sensitive data we stole from you.” This greatly escalated the costs of a ransomware attack, effectively turning it from a company issue to a notification event, requiring data discovery, even more legal counsel and public scrutiny, while demonstrating the attacker’s determination to find ways around impediments to payment. (DarkSide, which is believed to have been the group behind the Colonial Pipeline attack, is an extortionate group.) Another trend, as cited in the report above, is the increased targeting of victims, finding those who are able to pay higher dollar amounts, as well as those with data they would not like to see shared publicly.

Cyberattackers will keep evolving their tactics as long as there is someone or some organization to attack; they have been doing so since the beginning of hacking. Before crypto and even cybercrime, we had dropping cash in a bag at night and wire transfers as options for anonymous payments to criminals. They will keep finding ways to be paid, and the benefits of crypto — financial freedom, censorship resistance, privacy and security for the individual — far outweigh the downside of its attractiveness to criminals who may find its convenience appealing. Vilifying crypto will not eliminate the crime.

It may be difficult, even (likely) impossible, to plug every security gap in the enterprise. But too often, security fundamentals are skipped, such as regular patching and security awareness training, which go a long way to reduce the risk of ransomware. Let’s keep our eye on the target — the enterprise — and not the prize — crypto. Or, we may be blaming fiat for all other financial crimes next.

This article does not contain investment advice or recommendations. Every investment and trading move involves risk, and readers should conduct their own research when making a decision.

The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Michael Perklin is the chief information security officer at ShapeShift, where he oversees all product, service and enterprise security practices while ensuring they adhere to or exceed industry best practices. With over a decade of experience in blockchain and crypto, he leads a team that ensures security best practices are employed using both cybersecurity and blockchain-specific methodologies. Perklin is the president of the CryptoCurrency Certification Consortium (C4), has served on multiple industry boards, and is a co-author of the CryptoCurrency Security Standard (CCSS), which is used by hundreds of global organizations.

Leave a Reply

Your email address will not be published. Required fields are marked *


Legacy banks should learn about staking and DeFi or risk extinction


As Microsoft Azure closes shop, ConsenSys Quorum opens up to new users