Growing instances of bitcoin being used to demand ransom payments suggest that the best-known cryptocurrency is gaining popularity among cyber criminals. From pipelines to meat processors, reports of bad actors seeking to disrupt supply chains and transportation hubs are on the rise, along with demand for payment in bitcoin — and due to recent success they are not expected to slow anytime soon.
It’s led to a troubling scenario in which cryptos’ best use case might be, at least for now, as a monetary conduit in crimes.
Among the most recently reported spate of attacks (with more to come, we’ll wager), the Massachusetts Steamship Authority said this week that it was the target of ransomware. The hackers limited the ferry operator’s ability to process electronic payments.
And, separately, JBS USA, the largest meat processor in the world, was targeted by hackers that, as reported, are likely based in Russia. That attack came weeks after hackers besieged the Colonial Pipeline earlier last month.
Executives have been ringing the alarm bells.
As reported in this space, Kevin Mandia, CEO of cybersecurity firm FireEye, said that “Pharmaceuticals, hospitals, healthcare, public companies, organizations that don’t have the talent and skills to defend themselves — they’re getting sucker punched.” Johnson & Johnson Chief Information Security Officer Marene Allison said at a Wall Street Journal forum: “You will see attacks, whether it be through your email, through your systems, through your network, all day long. Twenty-four by seven from around the world.”
Ransoms Via Crypto
And one thread that seems to weave its way through the attacks … is the demand for ransoms to be paid in cryptos such as bitcoin.
The Biden administration is looking more closely into what CoinDesk reported would be a “federal response” to the attacks, zeroing in on the use of crypto in hackers’ efforts. And, in remarks by Principal Deputy Press Secretary Karine Jean-Pierre (per a White House release documenting interactions with the press): “President Biden has already launched a rapid strategic review to address the increased threat of ransomware to include four lines of effort: one, distribution of ransomware infrastructure and actors working closely with the private sector; two, building an international coalition to hold countries who harbor ransom actors accountable; and expanding cryptocurrency analysis to find and pursue criminal transactions.”
Chainalysis reports that ransomware attacks as of early May of this year alone have taken in about $81 million. It’s a tally that must, according to the firm “be considered a floor for the time being as the figure will almost certainly grow as we identify more ransomware addresses.” In 2020, for the year, roughly $406 million in crypto payments were sent to attackers.
Separately, Elliptic said it had identified the bitcoin wallet that had been used by the DarkSide criminal group that received the actual ransomware payments — for example, 75 bitcoin that had been paid (worth $4.4 million) by Colonial Pipeline.
“Our analysis shows that the wallet has been active since 4th March 2021 and has received 57 payments from 21 different wallets. Some of these payments directly match ransoms known to have been paid to DarkSide by other victims, such as 78.29 BTC (also worth $4.4 million at the time of the transaction) sent by chemical distribution company Brenntag on May 11,” said Elliptic.
All of this underscores the increased favor crypto is finding with cyber criminals, tied partly to the anonymity of the digital offerings themselves. And it’s a sure bet, as signaled by the Biden administration, as noted above, following the money will become critical. Additionally, U.S. Treasury Secretary Janet Yellen said early in 2021 that there’s been an “explosion of risk” and especially cryptocurrencies. Legislative updates to anti-money laundering (AML) and combatting terrorism financing “couldn’t have come at a better time,” Yellen told a roundtable back then. “We’re living amidst an explosion of risk related to fraud, money laundering, terrorist financing and data privacy.”