Neither cryptocurrency nor ransomware is new to the digital world; both have been around for a very long time, long enough to find common ground and start their relationship.
Ransomware is like a virtual car that runs on any type of fuel, and crypto is the most recommended fuel right now. No one can claim that 2020 was the year of ransomware in the cyber world, but that wasn’t because cyber criminals chose ransomware just because they knew how to attack properly. That’s because crypto has been mostly up this year along with the new normal of the digital world. The anonymous payments that can be made using a cryptocurrency gave them a new reason to cling to ransomware.
How does ransomware work?
Ransomware is a type of malware that encrypts the victim’s files, whether the victim is a random user or an organization, so that they are denied access to those files on their own devices.
The key to regaining access is paying the ransom to the attacker.
How does cryptocurrency help spread ransomware?
Now we all know that all crypto transactions are untraceable for both the receiver and the sender, which is what we call a fully anonymous transaction. The increased demand for crypto in recent years has made it easier to buy and sell these virtual coins and turn them into real money.
With this in mind, cryptocurrency has become the most popular (if not the best) way for cyber criminals to receive their ransom money without being tracked and then give these organizations access to their files.
How do I avoid attending ransomware parties?
Most of the articles on the internet will show you the steps on how to deliver the ransom money to the criminals with minimal losses and no mistakes to ensure you get your files back. But the question is, why do you need to learn how to make payments to a criminal when you can avoid encountering him and his viruses in the first place?
There are several ways, each giving you a generous percentage of protection.
Start with cybersecurity awareness training, which we call the ultimate layer of protection, and follow it with multiple further layers. The first and most valuable of these works at the DNS level and is the first gateway between you and the cybercriminal.
Strong DNS protection simply turns you away every time you try to visit a website that contains viruses. It also blocks all crypto and mining websites, where most hackers party.
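The DNS-level check described above, as an added example that is not SafeDNS code: it classifies each queried name against category lists, so that subdomains of a listed domain are blocked too, and reports which clients in a resolver log hit a blocked category. The domain names, categories and log format are constructed for illustration.

```python
from collections import defaultdict

# Constructed category lists; the .example names are placeholders, not real indicators.
BLOCKED = {
    "malware-site.example": "malware",
    "pool.miner.example": "cryptomining",
    "coin-exchange.example": "cryptocurrency",
}

# Constructed resolver log lines: "<timestamp> <client_ip> <qname> <qtype>"
SAMPLE_LOG = """\
2021-06-01T09:00:01Z 10.0.0.5 www.intranet.example. A
2021-06-01T09:00:02Z 10.0.0.7 CDN.Malware-Site.example. A
2021-06-01T09:00:03Z 10.0.0.7 eu1.pool.miner.example AAAA
2021-06-01T09:00:04Z 10.0.0.9 notmalware-site.example A
2021-06-01T09:00:05Z 10.0.0.9 miner.example A
"""

def normalize(qname):
    """Lower-case and drop the trailing root dot so lookups are consistent."""
    return qname.strip().rstrip(".").lower()

def classify(qname):
    """Return the blocking category for qname, or None if it is allowed.

    Walks from the full name up through its parent domains so that any
    subdomain of a listed domain is blocked, matching on whole labels only.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        category = BLOCKED.get(".".join(labels[i:]))
        if category:
            return category
    return None

def blocked_by_client(log_text):
    """Map each client IP to the (qname, category) pairs the filter would block."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines rather than guessing
        _, client, qname, _ = fields
        category = classify(qname)
        if category:
            hits[client].append((normalize(qname), category))
    return dict(hits)

if __name__ == "__main__":
    for client, entries in blocked_by_client(SAMPLE_LOG).items():
        print(client, entries)
```

Matching on whole labels is what keeps notmalware-site.example and the parent miner.example allowed while every subdomain of a listed name is blocked.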
DarkSide ransomware. Its active operation took place in 2020. Its main feature was that it not only encrypted the victim’s data but also deleted it from the affected servers. This is one of the distinctive features of such threats.
In less than a year of operation, about $100 million was paid in bitcoins. The blackmailers got about $10 million by attacking just two companies.
The first is Brenntag, a company that sells chemicals. In this case, DarkSide’s criminal partners said they gained access to the network after purchasing stolen information, but did not know how the credentials were originally obtained. The company paid a ransom of $4.4 million in cryptocurrency. After paying the ransom, Brenntag obtained a decryptor for encrypted files and successfully prevented the cyber criminals from making the company’s stolen information public.
The second company is Colonial Pipeline. The Colonial Pipeline is the largest pipeline system for refined oil products in the United States. After learning that it was “a victim of a cybersecurity attack,” the pipeline operator took some systems offline and temporarily halted pipeline operations and several IT systems. It also contacted an outside cybersecurity firm to conduct an investigation. Eventually, they paid the hackers nearly $5 million in cryptocurrency in exchange for a decryption key to restore their systems.
Conti ransomware. The main victims of this blackmail were health facilities. Its operators commonly use phishing attacks to gain remote access to a computer and spread further across the network, stealing credentials and gathering unencrypted data at the same time. The most famous attack was the one on Ireland’s Health Service Executive, in which the gang extorted about $20 million in cryptocurrency for keeping the data they received secret.
How do you get protection?
SafeDNS has updated categories with DGA, cryptojacking and others as part of the security group, and we definitely recommend checking out the threat protection and trying a free 15-day web filtering trial. Take care!