Investigations | June 16, 2021

Rising cases of ransomware using bitcoin

by the Crystal investigations team

Tracking cryptocurrency transactions accurately from the victim to the illicit entity is key to dealing with ransomware involving digital assets like bitcoin on public blockchains.

Tech advancements have simplified our lives. These developments, however, have left us vulnerable to external digital threats. Ransomware is widely considered to be one of the most common forms of online threat and a modern-day menace to our local and global security systems.

Ransomware is malware that requires a victim to pay money to regain access to files that have been encrypted. Because of its transfer efficiency and borderless nature, cryptocurrency has become an extremely common form in which cybercriminals demand ransom payments.
Ransomware can have a seriously negative impact on people's lives. On an individual level, cybercriminals using ransomware can block access to work files, affecting everyday workflows. On a higher level, ransomware can halt the services of major business entities.

A primary example of this was witnessed last month when the world’s largest meat processing company, JBS, was hit by ransomware and had to pay $11 million in ransom. Unfortunately, such incidents are becoming increasingly common. Experts believe that ransomware is likely to cost the global economy as much as $6 trillion during 2021. This article discusses the rising instances of digital ransomware using bitcoin and analyzes ways to deal with this danger.

Increasing numbers and sophistication levels of ransomware attacks

The total number of ransomware attacks during 2020 increased by nearly 485% compared to 2019. This mammoth increase was helped along by the COVID-19 pandemic, which compelled firms to adopt an operating model based on distributed teams. With employees working from home, it has become more difficult for tech departments to keep track of various devices and networks.

In addition, ransomware is also evolving and “improving in quality” as an illicit activity tool. Cybercriminals are now making use of advanced techniques such as social engineering and impersonation. These techniques enable them to get unrestricted access to an individual’s data.

There have been several cases of ransomware that have caused global disruption in recent years. One of the most dangerous ransomware attacks took place in the year 2017. The WannaCry ransomware infected computers in more than 150 countries around the world.
This attack focused on computers using the Microsoft Windows platform and lasted for four days. The cybercriminals behind this attack demanded cryptocurrency payments between $300 and $600. It was estimated that the attack impacted over 200,000 computers and cost hundreds of millions of dollars. The attack did not spare any industry and impacted the operations of critical sectors, including healthcare and utilities.

A similar ransomware attack hit the healthcare system of Ireland in May 2021, with hospital operations partially halted for over six days. The scale of these recent attacks on healthcare systems highlights the risks faced by individuals and businesses in a highly connected world.

In response, the US pushes for more scrutiny with terrorism priority

In the well-known Colonial Pipeline case in the US in May 2021, the oil pipeline's operations were hit by a ransomware attack that used a compromised password, and the company had to shut down all operations as a result.
The DarkSide attack impacted nearly 12,000 gas stations throughout the country. The firm operating the pipeline had to shell out $5 million to the cybercriminals behind the attack, although the authorities have now recovered a portion of this amount with the help of analysis.

This attack also had a major impact on the way cybercrime is classified in the US. As a result of this attack, the US government decided to classify ransomware attacks in the same priority list as terrorism. It is likely that other leading economies will also follow suit in the near future.

Tracking and analyzing ransomware transactions involving crypto

To have any chance of recovering illicitly gained ransomware funds involving cryptocurrencies, it becomes important for individuals and companies to track ransomware payment transactions. Specialist companies provide services for transaction tracking, including Crystal Blockchain.

Such firms can track cryptocurrency transactions and follow the addresses and connections to figure out the exact location of the funds that have been stolen or paid to the cybercriminals. The transparency of public blockchains facilitates this analysis.

The German chemical distribution company Brenntag was also hit by a DarkSide ransomware attack in May 2021. The amount paid was revealed to be approximately $4.4 million in bitcoin. Crystal was able to track the payments made by examining each potential address/cluster.

All these payments were directed to a ransomware address linked to the DarkSide marketplace. Based on this information, along with information collated by other bitcoin analytics services, the US DOJ authorities were able to seize certain servers owned by DarkSide to retrieve the funds.

This case indicates the true value of being able to track transactions accurately and efficiently.
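To illustrate the kind of tracing described above, the following added example (not Crystal's code or method) groups co-spent addresses into clusters and follows a ransom payment forward, splitting ransom-derived value pro rata across each transaction's outputs. The ledger, the address labels and the pro-rata ("haircut") rule are assumptions constructed for this example.

```python
from collections import defaultdict

# Constructed sample ledger (not real transactions): each tx lists
# (address, amount_btc) pairs for inputs and outputs, in chain order.
TXS = [
    {"id": "tx1", "ins": [("victim", 10.0)], "outs": [("ransom_A", 10.0)]},
    {"id": "tx2", "ins": [("ransom_A", 10.0), ("ransom_B", 10.0)],
     "outs": [("hop_1", 15.0), ("affiliate", 5.0)]},
    {"id": "tx3", "ins": [("hop_1", 15.0)],
     "outs": [("exchange_dep", 9.0), ("cold", 6.0)]},
]

def cluster_addresses(txs):
    """Common-input-ownership heuristic: addresses co-spent in one tx share an owner."""
    parent = {}
    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path compression
            a = parent[a]
        return a
    for tx in txs:
        for a, _ in tx["ins"] + tx["outs"]:
            find(a)  # register every address, even if never co-spent
        addrs = [a for a, _ in tx["ins"]]
        for a in addrs[1:]:
            parent[find(a)] = find(addrs[0])
    clusters = defaultdict(set)
    for a in parent:
        clusters[find(a)].add(a)
    return sorted(sorted(c) for c in clusters.values())

def trace_payment(txs, payment_txid):
    """Follow the ransom forward; returns ransom-derived BTC per unspent address."""
    tainted = defaultdict(float)
    for tx in txs:
        if tx["id"] == payment_txid:
            for a, amt in tx["outs"]:
                tainted[a] += amt  # the ransom payment itself seeds the trace
            continue
        total_in = sum(amt for _, amt in tx["ins"])
        taint_in = 0.0
        for a, amt in tx["ins"]:
            spent = min(tainted[a], amt)
            tainted[a] -= spent
            taint_in += spent
        for a, amt in tx["outs"]:
            tainted[a] += amt * taint_in / total_in  # pro rata; fees ignored
    return {a: round(v, 8) for a, v in tainted.items() if v > 1e-9}
```

Running `trace_payment(TXS, "tx1")` shows where the 10 BTC payment ends up after being merged with unrelated funds, and `cluster_addresses(TXS)` shows that the two co-spent ransom addresses fall into one cluster.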

[Figure: Crystal platform view showing movements of stolen funds into and out of a DarkSide wallet]

Ransomware continues to trouble individuals and businesses around the world. However, governments and regulatory bodies are now taking a tough stance against such activities. It is likely that regulatory bodies like the Securities and Exchange Commission (SEC) will look to formulate robust laws aimed at stopping ransomware attacks. Another ray of hope has been the emergence of analytics software such as the Crystal platform, experts in blockchain monitoring.

Solutions like Crystal Blockchain’s platform can track ransomware attacks and payments involving crypto by analyzing public blockchain ledger entries. Such software also helps with risk mitigation for crypto transactions and connections.
