What do Ransomware and Bitcoin have to do with each other?
2021 was a breakout year for ransomware attacks on businesses. Last year, CSO Magazine published a study showing that an overwhelming 85% of IT service providers reported ransomware against their customers. According to the online publication TechTarget and several other sources, the following statistics showed just how prevalent ransomware attacks have become:
Ransomware is part of 10% of all breaches. It doubled in frequency in 2021, according to the 2021 “Verizon Data Breach Investigations Report.”
Approximately 37% of global organizations said they were the victim of some form of a ransomware attack in 2021, according to IDC’s ” 2021 Ransomware Study.”
The FBI’s Internet Crime Complaint Center reported 2,084 ransomware complaints from January to July 31, 2021. This represents a 62% year-over-year increase.
As opposed to Payment Card Data theft, which was the prevalent form of security incident during the last decade and allowed criminals to make fraudulent payment transactions in the illicit purchase of goods and services, Ransomware criminals have a different business model. Their goal is extortion and their technique has become more refined with time.
In the past, ransomware attackers encrypted information found on a system and then demanded a ransom in exchange for a decryption key. Recently, Accord witnessed attackers exfiltrating sensitive data to an offsite location where it is used to leak the information to the public if payment was not received. Additionally, we have seen attackers focus their efforts on bringing down mission-critical business applications including accounting, CRM, ERP, and other systems. We also observed attackers taking hold of messaging applications, including email, to broadcast their exploits to employees and customers.
In short, ransomware attacks have evolved from denying access to data into a full-scale ambush, undermining every aspect of business operations.
The capability to execute these types of attacks has existed for many years. Why are we only now seeing full-scale IT extortion efforts focused on non-financial organizations? The answer to that question resides in a recent technological innovation known as cryptocurrency.
What IT manager would be willing to travel to (hypothetically) the Russian Republic with a bag of cash to pay off a criminal hacker? The answer is no one since the risks of making a physical payment in such a way greatly outweigh the rewards.
Bitcoin offers criminals a currency to collect payment for extortion, which is perfect since it’s a currency that allows anonymous transactions and is widely accepted worldwide. With bitcoin to enable nearly frictionless extortion transactions, it’s a wonder we have not seen the business of IT extortion take off even more quickly.
So why do regular businesses make such great targets for IT extortionists?
Based on personal experience, the answer is simple – they pay. Large corporations are better protected and typically have disclosure requirements to auditors and other regulators. They invest enormous sums of money in their brands and their activities are newsworthy. They would rather spend huge sums of money on prevention and remediation vs. paying attackers.
Because hackers want to do the least amount of work to get the most money, those attributes make large businesses unsuitable for the types of attacks launched by extortionists. Slightly smaller companies, alternatively are perfect. They often carry some form of cyber insurance and are not afraid to use it should a significant IT issue hit.
Additionally, they tend to be profitable and are often closely held making disruption of their business operations costly to endure for an extended period. Finally, they are often quiet and are not as concerned with negative publicity as their issues tend to go unnoticed by the media.
What do Ransomware, businesses, and Bitcoin have to do with each other? To a layman, the answer may seem elusive. To IT extortionists, this represents the perfect combination for a captive victim who is an easy mark and is statistically likely to pay. Beware!!