Crypto's collapse isn't solving the ransomware problem
It's going to take more than a months-long cryptocurrency free fall to squash the mounting ransomware problem, cyber incident responders and threat analysts tell Axios.
Why it matters: Companies have been struggling to fight off an abundance of ransomware hackers in recent years, but recent optimism over a crypto-crash-fueled drop in attacks might be short-lived.
- During a ransomware attack, hackers gain access to a company's network (often through phishing links in emails), infect it with malware that encrypts the entire organization's files and then demand payment to unlock the system.
- Ransomware hackers typically specify payment in crypto to keep transactions anonymous and difficult to trace.
State of play: Since November, the cryptocurrency market has lost at least $1 trillion in value. Some cybercrime experts and recent reports have been optimistic that the crash and increased U.S. government focus on the ransomware ecosystem could turn the tide against these attacks.
- The thinking goes, if crypto doesn't have as much value, hackers might not get as much money and might turn to other cybercrimes.
- Some researchers and analysts have also attributed a recent dip in ransomware attacks to the crypto decline.
The intrigue: Even with crypto's decline, most companies are still facing the same steady number of attacks and paying up, according to negotiators, incident responders and threat analysts who spoke with Axios.
- A Sophos report released in April found that 46% of companies paid ransoms in 2021, up from 32% in 2020.
- Victims are mostly paying up when faced with a ransomware technique known as “double extortion,” where hackers threaten to leak any stolen company information from the attack unless the company pays up, says Drew Schmitt, an analyst at cyber consulting firm GuidePoint Security.
Between the lines: Crypto is still hackers’ best bet for pseudonymous transactions, and volatility has yet to dissuade them from relying on the currencies for payment.
- Ransomware gangs only rely on crypto for anonymity and easy money laundering — not because they see crypto as a great investment — so the exact price of bitcoin doesn't matter much to them.
- Chester Wisniewski, a principal research scientist at Sophos, says that before the crypto crash, hackers were already expecting to either lose or gain 10% during the weeks it takes them to launder ransom funds through crypto exchanges.
Yes, but: Experts who help companies navigate these attacks have limited information on the broader ransomware ecosystem and whether it is truly on the decline or seeing an upswing.
- One example: It took analysts at least a year to determine that hackers’ double-extortion technique was a permanent fixture in their attacks, Wisniewski says.
The bottom line: Ransomware isn't going anywhere.
- But defenses like implementing two-factor authentication, limiting access to sensitive company files to a small group of employees, and reporting phishing emails all make ransomware attacks much harder to pull off.