How cryptocurrencies have aided cyber-criminals using ransomware
Every year, online crime increases its share of the total crime being committed. Last year, the National Crime Agency (NCA) Cyber Crime Assessment 2016 report stated that cybercrime accounted for 53% of all crimes in 2015, and this trend shows no sign of reversing.
We see organised crime gangs increasingly move online, because that is where the money is, and we can expect to see cybercrime continue to develop into a highly lucrative and well organised enterprise.
An increasingly prominent aspect of these illegal enterprises is the use of cryptocurrencies in transactions. The Internet and the subsequent need for online payments have ushered in a new dawn of payment mechanisms such as cryptocurrencies, says Dr Kevin Curran, senior member of the IEEE and professor of cybersecurity at Ulster University.
Blockchain-based cryptocurrencies, such as Bitcoin, have the advantage of allowing payments with little or no transaction fees. Bitcoin, along with the use of the correct ‘mixing’ techniques, can also provide almost perfect anonymity, which is important for a great many people, especially those engaged in illegal activity.
One of the latest attack vectors for hackers that relies on cryptocurrencies is ransomware. This is a type of malware that holds people’s data files hostage until a payment is made. Once a PC is infected with ransomware, it encrypts all documents on the computer and any attached network drives, and starts a countdown; when the counter reaches zero, the files are removed.
We’ve seen worrying trends with this piece of malware – the security vendor Malwarebytes used a ‘honeypot’ to attract attackers and they discovered an increase from 17% in 2015 to 259% in 2016.
The only solution to most instances of ransomware is to pay the scammers. Recently, we have seen a dramatic rise in ransomware Denial of Service attacks using Bitcoin as the payment method. Here the hackers threaten to bring a site to its knees unless the ransom is paid. This is a new avenue and a growing threat to all – from home users and businesses right up to large-scale ICS/SCADA systems.
In an ideal world, we would like no-one to pay a ransom to the criminals. Paying the ransom not only enriches them, but also encourages them to further develop more sophisticated ransomware and target more victims. There is also no guarantee that the payment of a ransom results in the files being unlocked.
For most people, payment really comes down to the value of the files at risk. If they are deemed worth the ransom then most will simply pay, as quite often the ransom is far cheaper than the cost of losing access to those files.
The main strategy to ensure ransomware is ineffective is to have a proper backup plan in place. Files which are backed up offline can simply be substituted for encrypted files and no ransom need ever be paid.
Other preventative measures include:
- Authenticating in-bound emails – as most infections arise from opening ransomware attachments
  - Sender Policy Framework (SPF)
  - DomainKeys Identified Mail (DKIM) and Domain Message Authentication Reporting and Conformance (DMARC) – these tools guard against spear phishing and other attacks coming through spoofed email. They work together to validate the IP address and the domain of the originating email server but sadly, not enough organisations adopt these standards
- Ad-blocking – as ransomware is distributed through malicious advertisements served up to users when they visit sites
- Isolated networks – some organisations have implemented separate networks for employees surfing the web
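As an added illustration of the first measure (this code is not part of the original article), the Python sketch below shows how a mail filter can act on the SPF, DKIM and DMARC results that a receiving gateway records in the `Authentication-Results` header. The gateway name `mx.example.org`, the sample messages and the deliver/quarantine/reject policy are all assumptions made for the example.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# method=result pairs as they appear in an Authentication-Results header (RFC 8601)
RESULT_RE = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.I)
TRUSTED_AUTHSERV = "mx.example.org"  # assumption: the id our own gateway stamps

def auth_results(msg, trusted=TRUSTED_AUTHSERV):
    """Collect spf/dkim/dmarc results, ignoring headers our gateway did not add."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv_id, _, rest = str(header).partition(";")
        if authserv_id.strip().lower() != trusted:
            continue  # anyone can put this header in a message they send
        for method, result in RESULT_RE.findall(rest):
            results.setdefault(method.lower(), result.lower())
    return results

def verdict(raw):
    """Return 'deliver', 'quarantine' or 'reject' for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    dmarc = auth_results(msg).get("dmarc")
    has_attachment = any(
        part.get_content_disposition() == "attachment" for part in msg.walk())
    if dmarc == "fail":
        return "reject"
    if dmarc == "pass":
        return "deliver"
    # No trusted DMARC verdict: hold attachments, let plain mail through
    return "quarantine" if has_attachment else "deliver"

def sample(auth_header, attach=False):
    """Build a constructed message; every host and address is a placeholder."""
    m = EmailMessage()
    m["Authentication-Results"] = auth_header
    m["From"] = "billing@example.com"
    m["Subject"] = "Invoice"
    m.set_content("See attached.")
    if attach:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename="invoice.bin")
    return m.as_string()

if __name__ == "__main__":
    ok = "mx.example.org; spf=pass smtp.mailfrom=example.com; dmarc=pass header.from=example.com"
    bad = "mx.example.org; spf=fail smtp.mailfrom=example.com; dmarc=fail header.from=example.com"
    forged = "mx.sender.example; dmarc=pass header.from=example.com"
    for name, hdr in (("aligned", ok), ("spoofed", bad), ("forged header", forged)):
        print(name, "->", verdict(sample(hdr, attach=True)))
```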
The ransomware threat in particular raises the ethical issues of cryptocurrencies. To date, cryptocurrencies have mostly been used to undermine security. We have reached a pivotal moment in global society where financial transactions can take place without being traceable. Virtual currencies are now the modus operandi of trading in illicit goods or services, such as weapons or drugs.
We now need to examine the implications that the existence of anonymous currency has on our society. Cryptocurrencies are here to stay and law enforcement and regulatory forces are facing a crisis in their investigations into their transactions.
In order to fight the cyber-crime cryptocurrencies facilitate, we need more computer security incident response teams, real-time collection of traffic data, and search, seizure and expedited preservation of stored computer transactions. For now, the safest thing is to back up your data and try to become resilient to a ransomware attack.
The author of this blog is Dr Kevin Curran, senior member of the IEEE and professor of cybersecurity at Ulster University