On Friday last week, Russian-speaking cybercrime syndicate REvil hit at least 200 US companies with a ransomware attack. The gang has since demanded $70 million worth of Bitcoin in exchange for restoring companies’ data.
The attack is the latest in a long line of ransomware attacks that have demanded payment in cryptocurrencies, notably Bitcoin.
REvil’s ransomware attack
The REvil gang broke into information technology firm Kaseya.
The hackers then used the Miami-based firm to access and paralyze hundreds of firms. “More than a million systems were infected. If anyone wants to negotiate about universal decryptor - our price is $70 million in Bitcoin,” the group said.
— Satnam Narang (@satnam) July 5, 2021
President Biden discussed the hack on Saturday—and did not expressly rule out the role of Russian hackers. Under his administration, the U.S. Department of Justice is treating ransomware risks with the same priority as terrorism.
Ransomware and crypto
The growing list of high-profile ransomware attacks that rely on crypto payouts has prompted calls for the crypto industry to face tougher regulation.
“All of this is directly attributable to regulatory impotence over illicit cryptocurrency flows and offshore exchanges,” said computer programmer, Stephen Diehl.
Cryptocurrencies are also—by their very design—censorship-resistant, making them uniquely attractive to groups like REvil looking to make millions under the noses of law enforcement agencies.
Crypto prices have also been prone to crashes amidst high-profile ransomware attacks. After the Colonial Pipeline hack, Bitcoin crashed 10%, and several “altcoins” also saw significant drops in value.
But many in the crypto industry don’t agree that crypto should be blamed for some of these high-profile ransomware attacks. Instead, the fact that criminals are turning to crypto might make law enforcements’ job easier than it otherwise would be.
“Law enforcement would prefer criminals to use crypto,” Charles Storry, head of growth at crypto price aggregator Phuture, told Decrypt. “They could track where the funds went, identify what wallets came in contact with said funds, and if they have used a centralized exchange, they would be able to identify the individuals.”
That’s because the blockchains of cryptocurrencies like and are public; every transaction made on them is visible. They’re also “pseudo-anonymous” rather than truly anonymous; once a has been linked with an individual (for example if they cash out through a centralized exchange that’s performed KYC), it’s possible to trace the flow of money between wallets and identify the individuals using them.
Privacy coins pose a challenge for law enforcement
Of course, it’s not always so simple, and ransomware attackers are all too familiar with public ledger blockchains and traceable crypto transactions.
Earlier this year, the Colonial Pipeline hackers—who caused gasoline shortages all across the Eastern United States—requested payment in “untraceable cryptocurrency.” The group has previously taken payment in Bitcoin and Monero.
So-called privacy coins such as , and use an array of cryptographic techniques to obfuscate the details of transactions and other identifying information.
That poses challenges for law enforcement; in Norway, Monero and Dash are at the heart of an ongoing missing person case, while the United States’ Internal Revenue Service (IRS) has invited people—and then later two firms—to try and break Monero’s private network last year.
“Currently, there are limited investigative resources for tracing transactions involving privacy cryptocurrency coins such as Monero or other off-chain transactions that provide privacy to illicit actors,” the IRS said at the time.