Cryptocurrency and the Rise of Ransomware Attacks

Cryptocurrency is virtual currency that is not issued by a central authority or subject to government manipulation. [1] In this way, cryptocurrency can be compared to gold bars, which people often buy as an investment in the hope that they will increase in value. [1] Fiat currency such as dollar bills, by contrast, is issued by a central authority, is subject to government manipulation, and will not increase in value. [1]

In a ransomware attack, cybercriminals encrypt a victim’s files using data-encrypting malware and demand payment, usually in the form of cryptocurrency, before the victim can get the files back. [2] Ransomware attacks have been going on for quite some time. [2] In the past, before bitcoin and other cryptocurrencies were around, cybercriminals would use online payment methods such as PayPal or Western Union, which were linked to a bank account and left the cybercriminals vulnerable to discovery. [2] Cybercriminals even went so far as to use postal services to receive payment from their victims. [2] Since the dawn of cryptocurrency, however, ransomware attacks have become more frequent, possibly because of cybercriminals’ ability to remain anonymous and avoid law enforcement. [2]

The U.S. recently indicted two Iranian nationals, Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, for alleged ransomware attacks that had been going on for years and affected more than 200 victims. [5] The attackers demanded bitcoin, which resulted in more than $6 million in ransom payments. [5] Once ransom money was paid, two other Iranian nationals allegedly converted the bitcoin into Iranian rials. [5] This is not the first time that the U.S. has issued charges over a ransomware attack. [5] The U.S. also issued charges against a North Korean man for a ransomware attack that affected FedEx, Britain’s National Health Service, and others. [5]

Bitcoin is often the choice for cybercriminals when demanding payment from victims because it has a certain level of anonymity and can be easily purchased by victims for payment. [2] Cybercriminals try their best to remain anonymous when demanding bitcoin by using mixing services, which amount to money laundering for cryptocurrencies. [2] Instead of making it easy for law enforcement to find the specific wallet that the victim’s payments are going to, and potentially find out who is behind the attack, cybercriminals will take all the payments, mix them with tens of thousands of other wallets, and eventually get their ransom payments back after they have been mixed with other money. [2]

Unfortunately for cybercriminals, law enforcement has been taking advantage of the fact that bitcoin is not completely anonymous. [3] Law enforcement can use the blockchain, which is where the transactions and addresses of bitcoin users are recorded, to track down these cybercriminals. [3] Mixing services do exist for bitcoin and other cryptocurrencies, but usually the only ones using them are those engaged in illegal activity, meaning that as soon as you use a mixing service you have already raised a red flag. [3] Unfortunately for law enforcement, cybercriminals are now turning to a new type of cryptocurrency in their attempts to remain anonymous. [3]
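How tracing over a public ledger works, and why a mixing step both dilutes the trail and stands out, shown as an added example that is not part of the original post. The ledger, addresses and amounts are constructed; the "haircut" taint rule and the equal-output mixer heuristic are simplifying assumptions, not a description of any specific law-enforcement tool.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed ledger, not real chain data. Addresses and amounts are made up.
LEDGER = [
    {"id": "tx1", "ins": {"victim": 4}, "outs": {"ransom_wallet": 4}},
    {"id": "tx2", "ins": {"ransom_wallet": 4}, "outs": {"hop_a": 4}},
    # Mixer-like transaction: unrelated inputs pooled, equal-sized outputs.
    {"id": "tx3",
     "ins": {"hop_a": 4, "user_b": 4, "user_c": 4, "user_d": 4},
     "outs": {"out_1": 4, "out_2": 4, "out_3": 4, "out_4": 4}},
    {"id": "tx4", "ins": {"out_2": 4}, "outs": {"exchange_deposit": 4}},
]
# The same ransom payment cashed out without the mixing step.
DIRECT = LEDGER[:2] + [
    {"id": "tx5", "ins": {"hop_a": 4}, "outs": {"exchange_deposit": 4}},
]


def trace(ledger, source):
    """Haircut taint: each output inherits the tainted share of its tx inputs.

    Returns {address: fraction of its current balance traceable to source}.
    """
    balance = defaultdict(Fraction)
    tainted = defaultdict(Fraction)
    for tx in ledger:
        total_in = Fraction(sum(tx["ins"].values()))
        taint_in = Fraction(0)
        for addr, amt in tx["ins"].items():
            # Coins with no earlier history on this ledger count as clean.
            share = tainted[addr] / balance[addr] if balance[addr] else Fraction(0)
            moved = min(Fraction(amt), balance[addr]) * share
            taint_in += moved
            tainted[addr] -= moved
            balance[addr] = max(balance[addr] - amt, Fraction(0))
        ratio = taint_in / total_in if total_in else Fraction(0)
        for addr, amt in tx["outs"].items():
            balance[addr] += amt
            # Every payment into the ransom address is treated as the source.
            tainted[addr] += amt if addr == source else amt * ratio
    return {a: tainted[a] / balance[a] for a in balance if balance[a] and tainted[a]}


def looks_like_mixer(tx, min_parties=3):
    """Heuristic: several distinct inputs paying several equal-value outputs."""
    outs = list(tx["outs"].values())
    return (len(tx["ins"]) >= min_parties and len(outs) >= min_parties
            and len(set(outs)) == 1)


if __name__ == "__main__":
    for name, ledger in (("direct", DIRECT), ("mixed", LEDGER)):
        shares = {a: str(f) for a, f in trace(ledger, "ransom_wallet").items()}
        flagged = [tx["id"] for tx in ledger if looks_like_mixer(tx)]
        print(name, shares, "flagged:", flagged)
```

Without the mixer the exchange deposit is fully attributable to the ransom payment; with it, each mixer output carries only a quarter of the trail, but the pooling transaction itself is what gets flagged.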

Monero is a new type of cryptocurrency, launched in 2014, that gives cybercriminals new ways to remain anonymous. [3] Monero uses ring signatures to obscure the identity of senders and recipients. [3] Ring signatures combine a user’s account keys with public keys from Monero’s blockchain to create a list of possible signatures, meaning that you cannot link one particular signature to a specific user. [3] Monero also uses stealth addresses, which are randomly generated, one-time addresses created for each transaction on behalf of the recipient. [3] As mentioned earlier, mixing services are available for certain cryptocurrencies, but using one often raises a red flag. [3] With Monero, however, all of the coins used in transactions are always mixed, so no red flags are raised. [3] Monero users also have the ability to selectively share their account transactions through a view key. [3] One shortcoming Monero faced was that it obscured the senders and recipients of transactions but not the amount of the transaction. [3] However, Monero introduced RingCT, which conceals not only the identity of the sender and recipient but also the amount of the transaction. [3] With the level of privacy that Monero has, it offers fungibility. [3] Since Monero transactions are untraceable, no two coins are different from one another. [3] With bitcoin, however, the transaction history is recorded on the blockchain, which means bitcoins associated with theft may be shunned by merchants and exchanges. [3]

Ransomware attacks may cause a lot of trouble and inconvenience, but cybercriminals also partake in cryptojacking. [4] Cryptocurrencies are generated through a process known as mining. [1] Every cryptocurrency has a finite number of units that can be mined so the integrity of the cryptocurrency is not diluted. [1] Mining cryptocurrency, however, takes a lot of processing power, so cryptojackers look to large enterprises that have this processing power, one of which happened to be Tesla. [4] Cryptojackers found an administrative portal for cloud application management that was not password protected and went in with mining malware. [4] With Tesla already using so much electricity, the cryptojackers could have gone unnoticed for quite some time had it not been for RedLock, which noticed Tesla’s open server being attacked by cryptomining. [4]

It seems that cryptocurrencies have made cybercriminals’ jobs easier since cryptocurrencies have ways to help users remain anonymous. Further, cryptocurrencies are only becoming more private, which does not help law enforcement in their search to uncover perpetrators of ransomware attacks. Cryptocurrencies may be helping make ransomware attackers’ jobs easier, but criminals will always find a way to get around safeguards to get what they want. With new cryptocurrencies constantly being introduced, it would not be surprising to see an increase in cryptojacking as well.

Questions to consider:

  • Would restrictions placed on mixing services help in the search for ransomware perpetrators? Would restrictions on mixing services be allowed?
  • Monero is gaining acceptance on the dark web. Is monero the new bitcoin for cybercriminals?
  • Anyone can partake in mining. Should cryptocurrencies make mining cryptocurrencies harder (require more processing power) or would that only add to value and appeal?






~ by 961kaf on February 18, 2019.

6 Responses to “Cryptocurrency and the Rise of Ransomware Attacks”

  1. Restrictions placed on mixing services would likely help ransomware perpetrators to be tracked down. Limiting the extent to which mixing services can operate would probably go a long way to enable ransomware perpetrators to be tracked down. It seems as though there is really no reason for mixing services other than to aid perpetrators of ransomware so it is likely the mixing services would be opposed to any sort of restrictions. There would have to be some incentive for them to follow any sort of restrictions. Obviously then, completely doing away with mixing services, although ideal, is not going to happen. However, it is reasonable to enact some restrictions. For example, maybe not allowing these mixing services to make the amount and the identity untraceable. Perhaps allow the privacy to only go so far such as narrowing it down to 4 possible individuals or something like that. Although restrictions definitely would be ideal, coming up with a legal incentive for the mixing companies to follow any sort of restrictions seems like a greater challenge.

    Bitcoin has definitely diminished within the last few years and this is likely due to the fact that companies like Monero are offering the same benefits to criminals (i.e. the ability to launder money through ransomware) with far fewer risks involved. Because Monero offers so much protection to obscure identity, it is very likely Monero will replace Bitcoin. Furthermore, Monero allows criminals to avoid having to use the mixing services which automatically raise a red flag. It is no surprise that more criminals will start turning to programs like Monero instead of Bitcoin to maximize their profits and minimize their risks of getting caught.

    Although anyone technically can participate in mining, it seems as though making it more difficult by requiring more processing power would only drive up the value to mining. If mining becomes more exclusive, you will have fewer novice miners and only more experienced miners would be participating. Although this sounds like a good idea because there would be fewer miners, overall this would likely create bigger problems. For example, these miners could likely cause more damage and create more trouble than their inexperienced counterparts. Right now for example, it is relatively easy to get rid of ransomware – usually you can just close your browser and there are few instances where a simple closing of a browser or not clicking on a link could not protect potential victims. However, if only the most elite miners were able to do this and the stakes were higher due to the exclusivity, this would likely cause these experienced miners to take ransomware to a new level that we are likely not equipped to deal with.

  2. I think any attempt to place restrictions on mixing services would present two interesting problems. First, whose responsibility would it be to enforce/promulgate these restrictions? On one hand, seemingly the best body to craft such regulations would be the United States government, or some agency under the government’s control. But, in theory, these restrictions could only be enforced, and violations could only be punished, within the geographic boundaries of the United States. But as you pointed out, this seems to be an international policy. And we could issue subpoenas for violators of the restrictions, but it’s also highly unlikely a country like Iran would ever extradite a national to our country for anything. Second, I believe restrictions might push criminals to create a new system/method for laundering cryptocurrencies associated with illegal activities. It seems like mixing services evolved in reaction to the emergence of cryptocurrency as a viable alternative to PayPal. This could create a game of cat and mouse where law enforcement agencies merely react to the new technologies being developed to help clean the illegally obtained cryptocurrency.

    It seems like the anonymity of Monero is enticing to criminals. Anything that allows someone to bring in money undetected will always find favor amongst criminals, and it seems like this is the new cryptocurrency preferred for criminals. It seems just as likely, however, that some new coin could be created and utilized for criminal activity once people gain a deeper understanding/awareness of how Monero works. Inevitably, the longer it sticks around, the better law enforcement officials will get at recognizing its use and using it to apprehend criminals. I believe this will eventually drive criminals to invent a new coin and begin to use it periodically, and I believe this is how we got to Monero in the first place.

    I think any attempt to make crypto mining require more processing power goes against the essence of what crypto started out as. Requiring more processing power would require more initial capital to acquire a system with the required amount of power needed to mine the coins. I think this could disproportionately affect those people with lower incomes, and make cryptos a tool of oppression. Additionally, I think that requiring more processing power would make the coins more valuable, and add to the occurrences of cryptojacking. Increasing the value would add more incentive for criminals to steal processing power for their own benefit. Finally, as you said, there is a finite amount of coins available for mining. Eventually there will be no more coins to mine, and this problem will have worked itself out. I believe there are bigger issues with crypto, such as its use to facilitate criminal activities, that should be resolved before trying to sort out issues for a temporary problem. I think that being cognizant of the problem, and use of certain plug-ins designed to prevent cryptojacking can adequately address this problem.

    For me, the common theme here seems to be innovation. And the longer these cryptos are in existence, the more effectively law enforcement will be able to stop their use in criminal activities. And the more law enforcement can effectively stop cryptos’ use in illegal activities, the more incentive new cybercriminals have to innovate and create some new coin law enforcement has never seen before. It seems like a hamster wheel of potential criminal innovation, and it will be interesting to see what resources are deployed, and if it can ever be stopped.

  3. Would restrictions placed on mixing services help in the search for ransomware perpetrators? Would restrictions on mixing services be allowed?
    Restrictions on mining services would probably be allowed given that they don’t begin to infringe on the rights of the consumers. Seeing that mixing services are being used to cultivate criminal activity, I do not think that it is a bad idea to restrict what this platform is used for and how it is used. I do think that restrictions placed on mixing services would help in the search for ransomware perpetrators. These restrictions can limit what it is that cybercriminals can do and allow the mixing services to be utilized for the main goal that was intended when it was created. These restrictions can also help in the search for ransomware perpetrators by alerting the proper channels when there is a red flag raised by a person that is not complying with those restrictions. However, I do believe that if these restrictions are put into place, these cybercriminals would then find another way to get around the restrictions. They would probably use mining services less and eventually stop using them at all and then create another way for them to partake in the actions that they previously used the mining services for.

    Monero is gaining acceptance on the dark web. Is monero the new bitcoin for cybercriminals?
    Monero does seem to be the new bitcoin for cybercriminals. It allows cybercriminals to evade some of the disadvantages that came with using bitcoin such as the fact that bitcoin is not completely anonymous. This is a huge disadvantage because cybercriminals make it a point to try and remain anonymous, making it more difficult for law enforcement to track any money laundering activities back to them. The ring signatures of Monero add another layer to anonymity, making it more attractive to those wanting to take part in money laundering schemes.

    Anyone can partake in mining. Should cryptocurrencies make mining cryptocurrencies harder (require more processing power) or would that only add to value and appeal?
    I think that making mining cryptocurrencies harder will not do anything but add to the value of the cryptocurrency. It will not stop a cryptojacker from attempting to still mine cryptocurrency; they will just seek larger corporations with more processing power that will be able to get the job done. People invest in cryptocurrency with the hope that it will increase in value. Making mining more difficult will lead to a higher value and as a result make cryptojacking more attractive to cybercriminals, which will lead to an increase in crime.

  4. 1. Would restrictions placed on mixing services help in the search for ransomware perpetrators? Would restrictions on mixing services be allowed?

    I believe that regulation should be created to keep better information on those using mixing services, but I’m not entirely sure how useful it would be for the long term. Criminals have adapted to use cryptocurrencies to protect themselves and ultimately will adapt and seek out mixers that do not abide by the regulations or are able to skirt around them. However, I do believe authorities should continue to do their best to tackle these issues because the reality is as our society advances technologically the issues will become more and more commonplace. Therefore, if legislation is proposed, it should be with the understanding that the language must be able to tackle the problems of the future as well as today.

    2. Monero is gaining acceptance on the dark web. Is monero the new bitcoin for cybercriminals?

    Being associated as the cryptocurrency for cybercriminals can’t be good for its long-term growth. Realistically, what criminals use cryptocurrency for is probably only a small amount of the exchanges crypto is used for. People need to be aware that they’re using and essentially increasing the value of the cryptocurrencies they use. For example, when Bitcoin spiked in value, it made a lot of criminals very happy because they were early adopters in Bitcoin and their value skyrocketed. We as a society need to consider if this is something that we value and place over the legitimate concerns of governmental control over currency.

    3. Anyone can partake in mining. Should cryptocurrencies make mining cryptocurrencies harder (require more processing power) or would that only add to value and appeal?

    I think making farming more difficult would only add to dangers that are currently posed by cryptojacking. Increasing the amount of power would only further slow down victims’ computers and increase their energy bill. Additionally, it would likely lead to an increase in the price of these cryptocurrencies, only furthering criminals’ desire to install the malware. I feel like the best effort to combat this is to increase consumer knowledge on these issues and continue to create protections for consumers.



  5. I see the class is a little hampered here because you do not know about money laundering regulations, or AML (anti-money laundering policies) companies need to have in place. KAF, I need you to stretch yourself a bit and do some analysis for class. Do you think mixing should be regulated and if so, how would that work and who would have to do it? FinCEN (Financial Crimes Enforcement Network) establishes the guidelines for AML policies as they relate to digital currency. You may be interested to know that the process of mining does not fall within AML regulations. The wallet, however, does. You may want to glance at those FinCEN regulations, and see whether we can find some parallels with mixing. It might be helpful to look at some of the previous posts on digital currency and money laundering. This is the original FinCEN guidance, but they have many more recent postings, including this 2018 statement from the director,

    The power required to mine the currency is what keeps limits on who does the mining. This is the tie-in to the issue of cryptojacking. People are looking for ways to harness the power of other computers. This is why Tesla’s cloud server was hacked. They didn’t want Tesla’s information. They wanted to use the power of the cloud server to mine the coin. When you are thinking about regulation, how would you regulate mining? It’s completely lawful to mine. It’s not lawful to hack though. Since mining takes so much energy, do you have some thoughts on how regulation could be used in a way that impacts mining but doesn’t cause it to become unlawful?

  6. The international regulation of ransomware perpetrators would present some interesting regulatory issues. While companies are required to have AML policies, it seems as if this layer of protection does not encompass nearly enough of the problems that are presented in this era of innovation in the cryptocurrency field.
    Currencies such as Monero have made anonymity much easier to come across than users of Bitcoin, allowing these cybercriminals to stay hidden among the masses. How would states go about regulating this? Should the international community come together and bolster the international organization in charge of regulating international cybercrime? Maybe a new, separate organization needs to be created with a focus in cyber money-laundering. If so, who pays for all of this?
    Even if the framework could be established, what exactly should be regulated? An emphasis could be placed on cyber-hacking, but this still leaves the common crypto-criminals and those with enough processing power free rein. If there was a way to make crypto-miners sign into some kind of closed network where they could be monitored, governments would be able to track these transactions. However, this is directly against the point of crypto-currencies and is not likely to happen.
