Hackers behind ransomware must take credit for driving up price of Bitcoin: Experts

Bitcoin Pixabay

Recent ransomware attacks showed the world how hackers are targeting specific sectors and in return, they have asked for cryptocurrencies, most preferably bitcoins. A new blog post indicated that actually cybercriminals, mounting ransomware attacks, are responsible for driving up the price of Bitcoin.

People who know about cryptocurrencies have noticed the fluctuation in its value. Even though such rapid changes depend on many factors, as per Emsisoft, it may be the ransomware that is fueling the growth of Bitcoin.

It should be mentioned that ransomware is a type of malware that prevents users from accessing their system or personal files and demands a ransom payment in order to regain access.

The post mentioned that the ransom is usually paid in cryptocurrency and that cryptocurrency is usually Bitcoin, which accounted for about 98 percent of ransomware payments made in the first quarter of 2019, according to figures from ransomware recovery specialists Coveware. As a result, Bitcoin has become an inextricable part of the ransomware model.

When asked why these cybercriminals asked for bitcoin in ransom, Pieter Arntz, Malware Intelligence Researcher at Malwarebytes Labs said via email that "it is because bitcoin is mostly anonymous. Otherwise, it could be simply out of habit since there are other cryptocurrencies that are even harder to track. Bitcoins are preferred as it is believed to always hold some value despite its volatility, even when other cryptocurrencies come and go."

Tom Kellermann, Chief Cybersecurity Officer of Carbon Black also mentioned that cryptocurrency such as Bitcoin and Monero are often used with ransomware attacks because they can be fast and reliable ways for criminals to extort money.

"Virtual currencies are widely used in criminal conspiracies because they offer anonymity and can be difficult to trace when the money is eventually converted to actual dollars," Kellermann added.

He said the network for cryptocurrency transactions is surprisingly efficient. Attackers can easily write software that can automatically send ransom notes and ensure that follow up demands are delivered.

"In this respect, attackers have created a system of automated ransomware attacks, which are built on a foundation of virtual money. Without cryptocurrency, it's hard to imagine ransomware being as ubiquitous as it is right now," he said.

The Emsisoft post also mentioned three reasons why the hackers seek bitcoins as ransom and these are accessibility, verifiable process and anonymity.

Kellermann said one of the things that makes ransomware so successful is the anonymity by which the attacks are launched. Attackers are also very adept at covering their track to throw law enforcement off the scene.

Usually, Security experts and law enforcement agencies advise not to pay the ransom after an attack because there is no such guarantee that the attackers will return all the stolen documents even after paying the ransom.

But, recently several reports came up that showed government and private organizations have paid the ransom as demanded after the hackers stole data from their network. But as per this post, paying the ransom proves to cybercriminals that ransomware attacks are profitable, which may incentivize more attacks in the future.

But is it possible to trace these cyber criminals by the payment address? In this case, both the cybersecurity experts mentioned that even though some bitcoin addresses are known to be used by some groups, that still doesn't reveal those people behind it.

Arntz said, "If you make an attempt to follow the bitcoin payments, they can be tracked because the bitcoin blockchain is publicly accessible, but cybercriminals use laundry mixers to throw researchers off their track."

He explained how these mixers split up payments into smaller amounts and use a large number of accounts to send the bitcoins around before they are joined back in another account. "As such, you would have to be able to follow the bitcoins until they get exchanged for actual money if you want to find out who was really behind an attack," he added.

This article was first published on September 6, 2019
Related topics : Ransomware