Security researchers say the collapse of cryptocurrencies is spreading to the world of ransomware, although bitcoin, ether and other digital currencies remain the payment method of choice for cybercriminals extorting ransoms from businesses.
Over the past few months, cryptocurrency prices have collapsed amid rising inflation, economic turmoil caused by the pandemic, the war in Ukraine and falling global stock markets. During this period, which is beginning to be called the crypto winter, hundreds of billions of dollars were destroyed.
This widespread drop forced cybercriminals to recalculate their ransoms and put some of the platforms they use, such as dark web cryptocurrency exchanges, out of business, security experts say. The downturn also accelerated a pre-existing trend of malware attacks and phishing scams that aim to steal real money, not cryptocurrencies.
Mark Lance, vice president of cyber defense and ransomware negotiator at GuidePoint Security, points out that ransomware demands are typically based on US dollar amounts, so cybercriminals simply redo the calculation and request larger crypto amounts. Thus, the amount of bitcoin demanded appears higher even though the ransoms have not changed much in dollar terms.
According to this expert, many ransomware attacks today go unnoticed because they are no longer as original as they once were. “Ransomware is still more common than ever and makes a lot of money,” he says.
On the other hand, the cryptocurrency platforms used by cybercriminals are not doing so well. Many of them have been affected by this crypto winter.
Last year, a team of researchers from Cybersixgill, an Israeli threat intelligence firm, monitored the activities of about 30 small darknet exchanges for several months. All of these exchanges, which the company did not name, have been closed since April. The reason: cybercriminals act like many investors. When asset values start to drop, they panic and cash out as quickly as possible in hopes of cutting their losses.
“This is the same thing we see when there are banking issues,” said Dov Lerner, head of security research at Cybersixgill. The clients of these platforms are still active in cybercrime, he said, even if the exchanges “just disappeared.” According to some observers, the crypto winter has finally weakened ransomware attacks.
Not so long ago, cybercriminals could demand a payout of between $1 million and $3 million after blocking a company’s computer system, said Sherrod DeGrippo, vice president of threat research at Proofpoint. “But I think those glory days may be over,” she says, noting that criminals are no longer as successful as they used to be. Many organizations, as well as the US government, have recently stepped up their defenses against ransomware, pushing cybercriminals into other activities.
New forms of attacks
Proofpoint is seeing an increase in attacks using Trojan horses, malware designed to steal credentials or access bank accounts, and phishing attacks that encourage business owners to pay fake bills or send real money to criminals. Even cases of theft of credit card numbers have become more frequent.
In all these cases, criminals choose regular money, not cryptocurrencies.
Trojans are also popular with criminals because they can install themselves on systems, stealing money without anyone noticing. For example, an attacker could force a company to pay a fake invoice month after month, or a banking Trojan could continue to access accounts without the company’s knowledge. “Having a salary, pensions and company pensions is a big win,” says Sherrod DeGrippo. “It’s much bigger, quieter, and simpler than ransomware.”
CNET.com article adapted by CNETFrance