Blending fear with vaguely understood trends is a great starting point for instilling panic and mass hysteria.
For cybersecurity professionals and the various evolving threats they face, the fear factor has shown value in protecting their organizations…and has been used ad nauseam. But does the IT community always judge potentially dubious relationships correctly? And more importantly, what happens when reality paints a more complex picture?
To understand the nuance between a real threat and a mislabeled correlation, this blog will dive into one of the most public debates about the spread and popularity of ransomware attacks: what role have cryptocurrencies played in the vast increase in scale and scope of ransomware attacks in the past 5 years?
Timeline of destruction
Ransomware’s origin story, much like the Teenage Mutant Ninja Turtles, bad hair, shoulder pads, and a dramatic excess of zippers, has its basis in the late 1980s. While the shoulder pads may have lost their momentum, ransomware has evolved with a dizzying level of complexity and market-ready permutations.
From 1989, when Dr. Joseph L Popp, a disenfranchised AIDS researcher and illicit cyberpioneer, introduced ransomware to the world stage, to today, the fundamentals of the attack remain. The execution of the attack has shifted with nearly endless complexity, but the goals remain crystal clear: extortion and power.
Much like today’s cascade of ransomware attacks, in the beginning, the seemingly benign doctor used his medical credentials as the hook: “Popp mailed every victim an infected floppy disc, labeled as ‘AIDS Information Introductory Diskette,’ using hijacked mail subscriber lists to the World Health Organization AIDS conference and PC Business World magazine in December 1989.”
While Dr. Popp may have personally sent his malware on floppy disks to a predetermined list of potential victims, modern cybercriminals have leveraged the internet to enable their attacks to resonate on a scale only felt by military incursions and acts of God.
Important to note here is that ransomware’s wave of destruction did not begin in 2020 or even in the year 2000 but in 1989. Far removed from universal internet access, digital transformation, or the rise of cryptocurrencies, the framework of this vector was already well established.
What is fundamentally increasing ransomware attacks?
This is a spoiler...
As much as anyone would like to place one pin as the central cause for the massive spike in ransomware attacks, nothing is so black or white. From poorly trained staff struggling to manage the seemingly never-ending string of needlessly complex cyber risk directives to vulnerable endpoints, out-of-date systems, and a completely disconnected cybersecurity strategy (if any), there isn't just one element that has pushed ransomware into the upper echelons of threat vectors.
Not every factor plays equally into this equation. Depending on the size and limitations of your organization, different pieces may lead you towards an undesirable intersection of risk and illicit hacking. And more importantly for this conversation, these accumulated factors don't necessarily all lead to crypto bringing internal vulnerabilities to light.
Does the timeline check out? Yes.
Does the correlation hold strong? Not necessarily.
The Diplomatic Courier puts it more succinctly, “for cyber terrorism and warfare to work, inherent cyber vulnerabilities are where the threat begins and fear and panic is where the real costs end. As with bank runs, mutualizing both the costs, the countervailing measures, and threat information sharing, among other areas, calls for new structures for strategic risk-sharing and resilience.”
So that’s all well and good, but the headlines keep telling a different story.
Is there any consensus on the role of cryptocurrency in ransomware attacks?
According to a recent report by the US-based Ransomware Task Force, “The explosion of ransomware as a lucrative criminal enterprise has been closely tied to the rise of Bitcoin and other cryptocurrencies, which use distributed ledgers, such as blockchain, to track transactions.”
This analysis seems a bit too cut and dried for my palate.
The U.S. Department of the Treasury puts the threat a bit more into context, as it has “focused on the role of cryptocurrency or virtual currency exchanges, issuing multiple advisories encouraging exchanges to incorporate ransomware-related risks into their anti-money laundering programs.” Notice the Department of the Treasury is using cryptocurrencies to track the movement of illicit funds. This seemingly bucks the idea that crypto is an impenetrable element of the ransomware transaction. If anything, it may have become the Achilles heel in stopping illicit players from scaling their attacks.
The nuance is better articulated by Nick Biasini, Head of Outreach for Cisco Talos.
Biasini says it clearly when he states, “Cryptocurrency is like gasoline on a fire that was already burning. It was there already but now look at the size of the flame. Cryptocurrency plays a role in that because it is a very easy mechanism that exists today for monetization.”
Why has the media decided crypto is the cause of heightened ransomware attacks?
There are several distinct reasons why the media and voices on the internet cling to the strong relationship between ransomware attacks and cryptocurrency.
Nearly all ransomware attacks are now requesting crypto payments.
Cryptocurrency payments for ransomware leave a critical and detectable money trail (traceable by any knowledgeable party within a few minutes), including all transactions of the token.
As a direct result of the trail left by cryptocurrency payments, law enforcement has achieved noticeable wins in combating threats, including U.S. election interference.
More corporations and organizations are publicly acknowledging both cyber-attacks and, in some cases, that they paid the crypto ransom.
It’s easier to blame cryptocurrencies than to place proper accountability on the complexities of IT and cybersecurity.
Reality or what we want to hear?
While it’s easy to place blame on a single factor leading to the rise of ransomware attacks, it's just not that simple.
Between the endless complexity of security vulnerabilities, integrated or poorly integrated solutions, and the often overwhelmed and outgunned staff attempting to just do their jobs, the sheer quantity of elements influencing the rise in ransomware may be too much to fathom. With that said, the relationship between ransomware attacks and their payment du jour appears less linked in fact and more directed by practicality.
True, nearly all ransomware attacks are now requesting payment in cryptocurrency. But that doesn't mean your company will be more or less susceptible to attack because bitcoin is being demanded.