Cryptocurrencies: Cyber attacks, once mere theoretical possibilities, have now become a grave threat to modern society. While ransomware attacks have become commonplace, some recent high-profile incidents have thrust them into the limelight.

Ransomware payments

4imag journalists are constantly working on showing you the landscape of an escalating crisis. As recent surveys show, ransomware payments have surged to staggering heights.

Ransomware, as Adam Young and Moti Yung described in 1996, involves a three-stage attack: breaching defences, encrypting files, and demanding a ransom for the decryption key. Unfortunately, the victims are often left with no choice but to pay, with ransoms reaching the millions.

According to The Conversation, “According to one recent survey, ransomware payments have nearly doubled to US$1.5 million (£1.2 million) over the past year, with the highest-earning organisations the most likely to pay attackers. Sophos, a British cybersecurity firm, found that the average ransomware payment rose from US$812,000 the previous year. The average payment by UK organisations in 2023 was even higher than the global average, at US$2.1 million.”

The National Cyber Security Centre (NCSC) also sounded a cautionary note in 2022, urging organisations to fortify their defences against potential state-sponsored cyber attacks, a warning triggered by the geopolitical tensions related to Ukraine.

Organisations of all kinds are affected

Schools, hospitals, businesses, and even charities worldwide face threats nowadays. These attacks come at a significant cost, affecting small businesses and industry titans.

The evolution of ransomware from a theoretical threat to a highly organised criminal enterprise should raise serious concerns. These cybercriminals have fine-tuned their tactics, perfecting malware attack vectors, negotiation strategies, and the structure of their criminal enterprises.

This article focuses on the actual financial motives, often linked to major ransomware groups and nation-states. The level of effort invested in negotiation, support for ransom payment, and money laundering services differentiates these from politically motivated attacks.

The ransomware evolution journey

The origins of ransomware trace back to the 1980s with the AIDS or PC Cyborg Trojan virus. Joseph Popp, a Harvard-taught evolutionary biologist, is credited with this invention. The rudimentary encryption employed, however, left significant room for retrieval, a shortcoming that was rectified with the 2013 CryptoLocker attack.

This marked the advent of ransomware-as-a-service, democratizing access for aspiring cyber criminals. Dark web markets became thriving hubs for illegal exchanges, further driving the evolution of ransomware strategies.

The era of double extortion, exemplified by attacks like Netwalker and REvil/Sodinokibi, emerged as a menacing tactic. Hackers encrypt files and exfiltrate sensitive data, adding an extra layer of leverage in negotiations.

The next frontier: cryptocurrency exploitation

In recent years, cryptocurrencies have adopted a “proof-of-stake” consensus mechanism, replacing the energy-intensive “proof-of-work.” This paradigm shift introduces a novel threat for ransomware attackers, who can now target validators, exploiting their significant stakes in the system.

Ethereum, a prominent player in the cryptocurrency space, stands as a prime example. With staking pools overseeing large numbers of validators, the potential ransom demands could reach the millions. This threat, while in its infancy, highlights the need for stringent security measures within the staking pool industry.

Bitcoin, the pioneer of cryptocurrencies, has been the currency of choice for ransom payments, which is also another aspect. Its decentralized nature and pseudonymous transactions make it an attractive option for cybercriminals looking to anonymize their activities. Other cryptocurrencies, such as Monero and Ethereum, have also found favour due to their enhanced privacy features. While decentralization is one of the hallmarks of cryptocurrencies, it also poses significant challenges when it comes to tracking and recovering ransom payments. Once a ransom is paid, it becomes exceedingly difficult to trace the flow of funds, enabling criminals to evade law enforcement.

As ransomware continues to evolve, it becomes evident that preemptive measures are paramount. Awareness, robust cybersecurity practices, and comprehensive recovery strategies are crucial elements in the fight against this evolving threat. We hope to protect our digital future only by understanding and staying ahead of these criminals. 4imag is dedicated to keeping you informed of this ongoing issue.