What’s going on
Cryptocurrency prices continue to fall, but cybercriminals still need the coins for ransomware attacks.
why does it matter
Some experts say price drops could be turning cybercriminals away from ransomware and toward other types of cybercrimes that involve stealing traditional money.
The cryptocurrency crash is sweeping the ransomware world, security researchers say, even though bitcoin, ether and other digital tokens remain the payment of choice for cybercriminals to lock down corporate computer systems.
In recent months, the value of cryptocurrencies has plummeted amideconomic shocks caused by the and the fall of world stock markets. it has been removed during that period, which is beginning to be known as crypto winter. In one day alone, more than $200 billion worth of value was wiped out of the vast crypto market.
The widespread crash has forced cybercriminals to recalculate their ransoms, security professionals say, and put some of the services that handle their ill-gotten gains, such as dark web crypto exchanges, out of business. It’s also accelerating a preexisting shift toward crimes like malware attacks and corporate phishing scams that target real dollars, rather than crypto.
Mark Lance, vice president of cyber defense and ransomware negotiator at GuidePoint Security, notes thatdemands are usually based on US dollar amounts, so cybercriminals simply make calculations and request larger amounts of crypto. That makes the demand for bitcoins seem higher, although the bailouts haven’t changed much in dollar terms.
Lance says that many ransomware attacks go unnoticed these days because the attacks aren’t as novel as they once were. Many ransomware gets little attention unless it has the kind of consumer consequences that sparked last year’s headline-grabbing attack.made.
“Ransomware is still as prevalent as ever,” Lance said, “and it’s still making a lot of money.”
Business is not so good on largely shady crypto exchanges that cater to small-time cybercriminals. Many of those organizations are feeling the cold of the crypto winter.
Last year, a team of researchers from Cybersixgill, an Israel-based threat intelligence firm, observed the activities of approximately 30 small dark web exchanges over several months. The exchanges, which the company did not specifically name, have been closed since April.
The reason: Cybercriminals are a lot like many investors. When asset values start to drop, they panic and cash in as quickly as possible in hopes of cutting their losses.
“It’s like what we see when there are bank runs,” said Dov Lerner, who leads Cybersixgill security research. He says that the people behind the exchanges are still active in cybercrime even though the exchanges have “just disappeared.”
Some observers say that the crypto winter has permanently chilled ransomware attacks.
Not long ago, cybercriminals could demand a payment of $1 million to $3 million after crashing a corporate computer system, says Sherrod DeGrippo, vice president of threat research at Proofpoint, an email security company.
“But I think those heydays may be over,” he said, noting that criminals aren’t having the same success they once did. He points out that many organizations, along with thehave stepped up their defenses against ransomware recently, pushing cybercriminals into other activities.
Your company has seen increases in attacks involving remote banking Trojans, malware designed to steal credentials or access financial accounts, along with phishing attacks that trick company officials into paying bogus bills or sending real money to criminals . There has even been an uptick in the collection of credit card numbers.
With any of those crimes, the criminals get by with conventional currency, rather than cryptocurrency.
Criminals also like Trojans because malware can be installed on systems and silently siphon off money over time. For example, an attacker could con a business into paying a bogus bill month after month, or a banking Trojan could continue to gain access to financial accounts over time without the business knowing.
“Getting payroll, pensions and retirement from an organization creates a massive payday,” DeGrippo said. “It’s much bigger, quieter and easier than ransomware.”