PYMNTS-MonitorEdge-May-2024

Ransomware Reaches Beyond Money With More Sinister Goals

ransomware

Ransomware activity related to cryptocurrency is most often associated with the release of malware that encrypts a victim’s information — usually a major corporation — demanding money in exchange for the release of the proprietary data.

The latest report by Chainalysis estimates that ransomware payments last year were at a minimum $602 million. The amount is likely higher, the blockchain-based data platform said.

“In fact, despite these numbers, anecdotal evidence, plus the fact that ransomware revenue in the first half of 2021 exceeded that of the first half of 2020, suggests to us that 2021 will eventually be revealed to have been an even bigger year for ransomware,” the report indicated.

Ransomware as a Service (RaaS) is among the more troubling aspects of crypto criminal activity, due to the ready-made malware tools cybercriminals can purchase and deploy without needing much technical or criminal expertise.

See also: Study: 50% of Financial Firms Unsure About Data Security

While data being held hostage in exchange for bitcoin is a widespread and growing problem, a larger issue at hand could have much wider implications than monetary loss. There have already been instances of ransomware-type attacks prompted by geopolitical goals, espionage, disruption of government operations and more.

When a ransomware strain has no structure in place for monetary collection nor a recovery process for victims, the motive is something entirely on a completely different level.

The Chainalysis report points to the continued ransomware attacks on Ukrainian government agencies. The cyberattacks — malware disguised as ransomware — are thought to be part of Russia’s military strategy, CNET reported. Security experts have said that these types of attacks are meant to destabilize the Ukrainian government and its economy.

It’s not only Russian-affiliated attackers using ransomware for geopolitical ends. Crowdstrike and Microsoft cybersecurity analysts have said that ransomware strains originating from Iran have targeted organizations in the U.S., the EU and Israel. The attacks are looking to cause disruption or serve as a ploy to hide espionage activity.

Read more: Survey: Ransomware Affects 58% of Health Orgs

There have been signs of critical buildup over the last year as numerous ransomware strains have been attributed to Iranian cybercriminals. Iran has more individual identified strains than any other country, according to Chainalysis data.

While some strains are financially motivated, others “behave more like tools of espionage, extorting negligible amounts of cryptocurrency from victims.”

There have also been strains linked to China, some analysts have said, pointing to ColdLock, which was used to undertake “similar geopolitical attacks on Taiwanese organizations,” Chainalysis said in its report.

PYMNTS-MonitorEdge-May-2024