On Friday last week, Russian-speaking cybercrime syndicate REvil hit at least 200 US companies with a ransomware attack. The gang has since demanded $70 million worth of Bitcoin in exchange for restoring companies’ data.
The attack is the latest in a long line of ransomware attacks that have demanded payment in cryptocurrencies, notably Bitcoin.
REvil’s ransomware attack
The REvil gang broke into information technology firm Kaseya.
The hackers then used the Miami-based firm to access and paralyze hundreds of firms. “More than a million systems were infected. If anyone wants to negotiate about universal decryptor - our price is $70 million in Bitcoin,” the group said.
Looks like #REvil is asking for $70 million in $BTC to release the Kaseya decryptor publicly. pic.twitter.com/0m7YhCclqb
— Satnam Narang (@satnam) July 5, 2021
President Biden discussed the hack on Saturday—and did not expressly rule out the role of Russian hackers. Under his administration, the U.S. Department of Justice is treating ransomware risks with the same priority as terrorism.
Ransomware and crypto
The growing list of high-profile ransomware attacks that rely on crypto payouts has prompted calls for the crypto industry to face tougher regulation.
“All of this is directly attributable to regulatory impotence over illicit cryptocurrency flows and offshore exchanges,” said computer programmer Stephen Diehl.
Cryptocurrencies are also—by their very design—censorship-resistant, making them uniquely attractive to groups like REvil looking to make millions under the noses of law enforcement agencies.
Crypto prices have also been prone to crashes amidst high-profile ransomware attacks. After the Colonial Pipeline hack, Bitcoin crashed 10%, and several “altcoins” also saw significant drops in value.
But many in the crypto industry don’t agree that crypto should be blamed for some of these high-profile ransomware attacks. Instead, the fact that criminals are turning to crypto might make law enforcement’s job easier than it otherwise would be.
“Law enforcement would prefer criminals to use crypto,” Charles Storry, head of growth at crypto price aggregator Phuture, told Decrypt. “They could track where the funds went, identify what wallets came in contact with said funds, and if they have used a centralized exchange, they would be able to identify the individuals.”

That’s because the blockchains of cryptocurrencies like Bitcoin and Ethereum are public; every transaction made on them is visible. They’re also “pseudo-anonymous” rather than truly anonymous; once a Bitcoin address has been linked with an individual (for example if they cash out through a centralized exchange that’s performed KYC), it’s possible to trace the flow of money between wallets and identify the individuals using them.
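The tracing described above, as an added example that is not part of the original article: a breadth-first walk over a public ledger that follows funds from a ransom address until they reach an address already attributed to a KYC'd exchange. The ledger, the addresses and the exchange label set are constructed for illustration, and the single-sender, single-receiver transaction model is a simplifying assumption (real Bitcoin transactions have multiple inputs and outputs).

```python
from collections import deque

# Constructed sample ledger: (txid, sender, receiver, amount in BTC).
# Every address and amount here is made up for illustration.
LEDGER = [
    ("tx1", "victim_wallet", "ransom_addr", 10.0),
    ("tx2", "ransom_addr", "hop_a", 6.0),
    ("tx3", "ransom_addr", "hop_b", 4.0),
    ("tx4", "hop_a", "hop_c", 6.0),
    ("tx5", "hop_c", "exchange_deposit_1", 5.5),
    ("tx6", "hop_b", "cold_storage", 4.0),
    ("tx7", "unrelated_1", "unrelated_2", 1.0),
]

# Assumption: addresses an investigator has already attributed to an
# exchange that performs KYC on its customers.
KNOWN_EXCHANGE_ADDRS = {"exchange_deposit_1"}


def trace_funds(ledger, start_addr, exchange_addrs, max_hops=6):
    """Follow outgoing payments from start_addr through the ledger.

    Returns (paths, touched): paths is a list of hop lists
    [(txid, receiver, amount), ...] that end at an exchange address;
    touched is the set of intermediate wallets the funds passed through.
    """
    outgoing = {}
    for txid, src, dst, amount in ledger:
        outgoing.setdefault(src, []).append((txid, dst, amount))

    paths = []
    seen = {start_addr}
    queue = deque([(start_addr, [])])
    while queue:
        addr, path = queue.popleft()
        if len(path) >= max_hops:
            continue  # bound the search depth
        for txid, dst, amount in outgoing.get(addr, []):
            step = path + [(txid, dst, amount)]
            if dst in exchange_addrs:
                paths.append(step)  # stop here: the exchange holds the KYC record
            elif dst not in seen:
                seen.add(dst)
                queue.append((dst, step))
    return paths, seen - {start_addr}


if __name__ == "__main__":
    found, wallets = trace_funds(LEDGER, "ransom_addr", KNOWN_EXCHANGE_ADDRS)
    print(found, sorted(wallets))
```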
Privacy coins pose a challenge for law enforcement
Of course, it’s not always so simple, and ransomware attackers are all too familiar with public ledger blockchains and traceable crypto transactions.
Earlier this year, the Colonial Pipeline hackers—who caused gasoline shortages all across the Eastern United States—requested payment in “untraceable cryptocurrency.” The group has previously taken payment in Bitcoin and Monero.

So-called privacy coins such as Monero, Dash and Zcash use an array of cryptographic techniques to obfuscate the details of transactions and other identifying information.
That poses challenges for law enforcement; in Norway, Monero and Dash are at the heart of an ongoing missing person case, while last year the United States’ Internal Revenue Service (IRS) invited people—and then later two firms—to try to break Monero’s private network.
“Currently, there are limited investigative resources for tracing transactions involving privacy cryptocurrency coins such as Monero or other off-chain transactions that provide privacy to illicit actors,” the IRS said at the time.