In recent years, cybercriminals have repeatedly requested crypto as their preferred currency for ransomware payments.
But with Bitcoin losing more than half of its value this year, those ill-gotten gains have deflated significantly. How will the crash affect ransomware groups? Will it change payment requests from threat actors moving forward?
A busted Bitcoin may boost ransomware gangs
Business owners have less incentive to continue operating if it becomes less valuable, if common sense is followed. That said, as the crypto market has been volatile over the past few months, many people assume hackers are more likely to shift toward crimes such as malware attacks and phishing scams that target actual dollars.
Mark Manglicmot, senior vice president of security services at Arctic Wolf, disagrees with that assumption. He suggested that the unique characteristics of cryptocurrency make it an irreplaceable medium of exchange for cybercrime activities. It is easy, it is fast and, most importantly, its anonymity allows attackers to easily run away with the stolen funds.
"I won't say it is impossible to track cryptocurrency, but it is very difficult," Manglicmot said."Especially if criminals have converted that money into standard currency.”
Ian Thornton-Trump, CISO of Cyjax Ltd., pointed out that the devaluation of Bitcoin will make cybercriminals “work even harder” on ransomware attacks.
"The crypto crash makes attackers' money worth less, so they will be more aggressive in exploiting companies to extract ransomware in order to keep the lifestyle that they've been accustomed to," he said.
Companies should not drop their guard despite a decline in ransomware attacks
Ransomware attacks dropped 23% globally from January to June, according to U.S. cybersecurity firm SonicWall’s 2022 mid-year cyber threat report. Though this time period overlaps with crypto’s bear market, many experts emphasize that the political conflict between Russia and Ukraine is the biggest factor in ransomware’s decline.
“I don’t think a crypto crash is going to have a massive bearing on whether ransomware occurs or not. Don’t forget that we have a massive amount of world hackers tied up right now with the Russia-Ukraine war,” said Micheal Fey, co-founder and CEO at Island.
More than half of state-sponsored cyberattacks have been traced back to Russia over the past few years, according to various sources. And 74% of ransomware revenue went to groups that are “highly likely to be affiliated with Russia.”
Manglicmot pointed out that companies should not take the current decline as a reassuring trend. He suggested that “it is only a matter of time before the numbers continue to rise again."
In other words, once the war ceases, there can be another wave of ransomware attacks as cybercriminals are back to their day jobs.
Cybersecurity budgets amid high inflation
Despite the Biden administration making ransomware defense its top priority last year and cracking down several high-profile hacking groups, there are more challenges ahead amid high inflation.
“With inflation, government departments are going to cut their budgets accordingly. So we are not in a good place of foreseeing a new wave of ransomware attacks coming up and law enforcement budgets being reduced,” Thornton-Trump said.
Therefore, It is the time for companies to work internally and strengthen their ransomware defense. For example, companies can start with buying cyber insurance, building 24/7 security operations centers, and having the right representation from cybersecurity at the executive level.
“Ransomware landscape will get worse in the upcoming years, and we should all better prepare for it,” Thornton-Trump added.