id="article-body" class="row" section="article-body" data-component="trackCWV">
Earlier this month, hundreds of companies from the US to Sweden were entangled in the ransomware attack through Kaseya, a company that offers network infrastructure to businesses around the world.
The Kaseya hack comes on the heels of other headline-grabbing cyberattacks like the Colonial Pipeline hijacking and the JBS meat supplier hack. In each instance, criminals had the opportunity to make off with millions -- and much of the ransoms were paid in Bitcoin.
"We have to remember the primary reason for creating Bitcoin in the first place was to provide anonymity and secure, trustless and borderless transaction capabilities," says Keatron Evans, principal security researcher at Infosec Institute.
As Bitcoin grows more prominent in markets around the world, cybercrooks have found a vital tool to help them move illegal assets quickly and pseudonymously. And darknet market markets onion by all accounts, the attacks are only becoming more common.
Ransomware on the rise
Ransomware is a cybercrime that involves ransoming personal and business data back to the owner of that data.
First, a criminal hacks into a private network. The hack is accomplished through various tactics, including phishing, social engineering and preying upon users' weak passwords.
Once network access is gained, the criminal locks important files within the network using encryption. The owner can't access the files unless they pay a ransom. Nowadays, cybercriminals tend to request their ransoms in cryptocurrencies.
The FBI estimates ransomware attacks accounted for at least $144.35 million in Bitcoin ransoms from 2013 to 2019.
These attacks are scalable and can be highly targeted or broad, ensnaring anyone who happens to click a link or install a particular software program.
This allows a small team of cybercrooks to ransom data back to organizations of all sizes -- and darkmarket list the tools needed to hack into a small business or multinational cooperation are largely the same.
Private citizens, businesses, and state and national governments have all fallen victim -- and dark market many decided to pay ransoms.
Today's business world depends on computer networks to keep track of administrative and financial data. When that data disappears, it can be impossible for the organization to function properly. This provides a large incentive to pay up.
Although victims of ransomware attacks are encouraged to report the crime to federal authorities, there's no US law that says you have to report attacks (unless personal data is exposed). Given this, there's little authoritative data about the number of attacks or ransom payments.
However, a recent study from Threatpost found that only 20% of victims pay up. Whatever the actual number is, the FBI recommends against paying ransoms because there's no guarantee that you'll get the data back, and paying ransoms creates further incentive for ransomware attacks.
Why do hackers like cryptocurrency?
Cryptocurrency provides a helpful ransom tool for cybercrooks. Rather than being an aberration or misuse, the ability to make anonymous (or pseudonymous) transfers is a central value proposition of cryptocurrency.
"Bitcoin can be acquired fairly easily. It's decentralized and readily
available in almost any country," says Koen Maris, a cybersecurity expert and advisory board member at IOTA Foundation.
Different cryptocurrencies feature different levels of anonymity. Some cryptocurrencies, like Monero and Zcash, specialize in confidentiality and may even provide a higher level of security than Bitcoin for cybercriminals.
That's because Bitcoin isn't truly anonymous -- it's pseudonymous. Through careful detective work and analysis, it appears possible to trace and recoup Bitcoin used for ransoms, dark web markets as the FBI recently demonstrated after the Colonial Pipeline hack. So Bitcoin isn't necessarily used by ransomers simply because of security features. Bitcoin transfers are also fast, irreversible and easily verifiable. Once a ransomware victim has agreed to pay, the criminal can watch the transfer go through on the public blockchain.
After the ransom is sent, it's usually gone forever. Then crooks can either exchange the Bitcoin for another currency -- crypto or fiat -- or transfer the Bitcoin to another wallet for safekeeping.
While it's not clear exactly when or how Bitcoin became associated with ransomware, hackers, darkmarkets cybercrooks, and crypto-enthusiasts are all computer-savvy subcultures with a natural affinity for new tech, and Bitcoin was adopted for illicit activities online soon after its creation.