Don’t blame Crypto for ransomware

Gas has been a hot topic in the news lately. In the crypto media, it was about Ethereum miners’ fees. The mainstream media talked about good old-fashioned gasoline, including a short-term East Coast shortage of gasoline, thanks to an alleged DarkSide ransomware attack on the Colonial Pipeline system, which provides 45% of the East Coast’s supply of diesel, gasoline and jet fuel.

In cases of ransomware, we generally see a typical cycle repeat: First, the focus is on the attack, the root cause, the fallout and the steps companies can take to avoid attacks in the future. Then the focus often begins to shift to cryptocurrency and how its perceived anonymity helps fuel ransomware attacks, thereby encouraging more cybercriminals to jump into the game.

However, when we look at the macro picture of cybersecurity attacks, we see some trends emerging. For example, cyberattack losses increased 50% between 2018 and 2020, with global losses totaling over $1 trillion. The inevitable conclusion is that security flaws available to exploit have proliferated.

Related: Report on crypto exchange hacks 2011-2020

The rise in cybercrime is also being driven by the availability of pre-built, off-the-shelf malware that is easy to find on the Internet for those with little knowledge who nonetheless wish to profit from the free-money opportunities that unsecured organizations present. Importantly, the criminals themselves have refined their strategies to evade defensive security tactics, techniques and procedures (TTPs) and to ensure that they remain profitable. Should cryptocurrency no longer be a viable payment option, attackers would almost certainly switch to a different payment approach. The thought that they would simply stop attacking these organizations without crypto defies credulity.

The “root cause” of these events, if you will, is not the payment method that the criminals are rewarded with, but the security flaws that allowed them to breach the company and, of course, the fact that there are criminals who commit these crimes.

In the ransomware trend itself (and within the DarkSide attack), we see this ever-changing modus operandi on display. In the early days of ransomware, it was relatively cut and dried: a cyber attacker finds a way into the company – usually via a social engineering attack such as a phishing email or an unsecured remote desktop protocol – and encrypts the victim’s files. The victim pays the ransom either by wire transfer or crypto and in most cases is given the decryption key, which normally (but not always) decrypts the files. Another alternative is for the victim to choose not to pay and either restore their files from a backup or just accept the loss of their data.

Cyberattack tactics

Towards the end of 2019, more companies were prepared with backup strategies to counter these threats and declined to pay. Ransomware actors like the Maze ransomware group emerged, evolved and changed tactics. They started exfiltrating data and blackmailing their victims: “Pay or we will also publicly publish confidential data that we stole from you.” This significantly increased the cost of a ransomware attack, effectively turning it from a company problem into a notification event. It required data discovery, even more legal advice and public scrutiny, while demonstrating the attackers’ determination to find ways to circumvent obstacles to payment. (DarkSide, believed to be the group behind the Colonial Pipeline attack, is an extortion group.) Another trend, as noted in the report above, is the increased targeting of victims: finding those who are able to pay higher dollar amounts, as well as those with data they would not want shared publicly.

Cyber attackers will continue to develop their tactics as long as there is someone or some organization to attack. They have been doing this since the beginning of hacking. Before crypto and even cybercrime, we had cash in a pocket at night and wire transfers as options for anonymous payments to criminals. They will continue to find ways to get paid, and the benefits of crypto – financial freedom, censorship resistance, privacy and security for the individual – far outweigh the disadvantage of its attractiveness to criminals, who may find its convenience appealing. Vilifying crypto won’t eradicate the crime.

It can be difficult, or even (probably) impossible, to plug every security gap in an organization. But too often, security fundamentals are skipped, such as regular patching and security awareness training, which greatly reduce the risk of ransomware. Let’s keep our eye on the target – the company – and not the prize – crypto. Otherwise, we may end up holding fiat responsible for all other financial crimes.

This article does not contain investment advice or recommendations. Every investment and trading move involves risk, and readers should conduct their own research when making a decision.

The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Michael Perklin is the Chief Information Security Officer at ShapeShift, where he oversees all product, service and corporate security practices and ensures that they meet or exceed industry best practices. With over a decade of experience in blockchain and crypto, he leads a team that ensures security best practices are applied with both cybersecurity and blockchain-specific methods. Perklin is President of the CryptoCurrency Certification Consortium (C4), a member of several industry bodies, and a co-author of the CryptoCurrency Security Standard (CCSS), which is used by hundreds of global organizations.