Ransomware, Threat Management

How will the crypto crash affect ransomware attacks and payments?

MIAMI, FLORIDA – APRIL 8: A bitcoin logo is seen during the Bitcoin 2022 Conference at Miami Beach Convention Center on April 8, 2022 in Miami, Florida. The worlds largest bitcoin conference runs from April 6-9, expecting over 30,000 people in attendance and over 7 million live stream viewers worldwide.(Photo by Marco Bello/Getty Images)
A Bitcoin logo is seen during the Bitcoin 2022 Conference at Miami Beach Convention Center on April 8, 2022, in Miami. (Photo by Marco Bello/Getty Images)

In recent years, cybercriminals have repeatedly requested crypto as their preferred currency for ransomware payments.

But with Bitcoin losing more than half of its value this year, those ill-gotten gains have deflated significantly. How will the crash affect ransomware groups? Will it change payment requests from threat actors moving forward?

A busted Bitcoin may boost ransomware gangs

Business owners have less incentive to continue operating if it becomes less valuable, if common sense is followed. That said, as the crypto market has been volatile over the past few months, many people assume hackers are more likely to shift toward crimes such as malware attacks and phishing scams that target actual dollars.

Mark Manglicmot, senior vice president of security services at Arctic Wolf, disagrees with that assumption. He suggested that the unique characteristics of cryptocurrency make it an irreplaceable medium of exchange for cybercrime activities. It is easy, it is fast and, most importantly, its anonymity allows attackers to easily run away with the stolen funds.  

"I won't say it is impossible to track cryptocurrency, but it is very difficult," Manglicmot said."Especially if criminals have converted that money into standard currency.”

Ian Thornton-Trump, CISO of Cyjax Ltd., pointed out that the devaluation of Bitcoin will make cybercriminals “work even harder” on ransomware attacks.

"The crypto crash makes attackers' money worth less, so they will be more aggressive in exploiting companies to extract ransomware in order to keep the lifestyle that they've been accustomed to," he said.

Companies should not drop their guard despite a decline in ransomware attacks

Ransomware attacks dropped 23% globally from January to June, according to U.S. cybersecurity firm SonicWall’s 2022 mid-year cyber threat report. Though this time period overlaps with crypto’s bear market, many experts emphasize that the political conflict between Russia and Ukraine is the biggest factor in ransomware’s decline.

“I don’t think a crypto crash is going to have a massive bearing on whether ransomware occurs or not. Don’t forget that we have a massive amount of world hackers tied up right now with the Russia-Ukraine war,” said Micheal Fey, co-founder and CEO at Island.

More than half of state-sponsored cyberattacks have been traced back to Russia over the past few years, according to various sources. And 74% of ransomware revenue went to groups that are “highly likely to be affiliated with Russia.

Manglicmot pointed out that companies should not take the current decline as a reassuring trend. He suggested that “it is only a matter of time before the numbers continue to rise again."

In other words, once the war ceases, there can be another wave of ransomware attacks as cybercriminals are back to their day jobs.

Cybersecurity budgets amid high inflation

Despite the Biden administration making ransomware defense its top priority last year and cracking down several high-profile hacking groups, there are more challenges ahead amid high inflation.

“With inflation, government departments are going to cut their budgets accordingly. So we are not in a good place of foreseeing a new wave of ransomware attacks coming up and law enforcement budgets being reduced,” Thornton-Trump said.

Therefore, It is the time for companies to work internally and strengthen their ransomware defense. For example, companies can start with buying cyber insurance, building 24/7 security operations centers, and having the right representation from cybersecurity at the executive level.

“Ransomware landscape will get worse in the upcoming years, and we should all better prepare for it,” Thornton-Trump added.

Menghan Xiao

Menghan Xiao is a cybersecurity reporter at SC Media, covering software supply chain security, workforce/business, and threat intelligence. Before SC Media, Xiao studied journalism at Northwestern University, where she received a merit-based scholarship from Medill and Jack Modzelewski Scholarship Fund.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.