Online attackers like to demand their loot in cryptocurrencies. Betsy Bevilacqua and Gurvais Grig* say this could soon be their undoing.
Ransomware attackers like to demand payment in cryptocurrency, in particular bitcoin.
This is because it is seen as anonymous and untraceable.
In 2022, rather than being seen as a facilitator of criminal activity, cryptocurrency will be recognised as an invaluable tool for helping topple cyber criminals and weeding out illicit activity, because it is much less anonymous than people think.
Cryptocurrency operates on public, immutable blockchain ledgers, making it far more transparent than other forms of value transfer.
As knowledge and digital-tracking capabilities develop further, this inherent transparency is rapidly becoming a critical advantage for those working to track and prevent cyber crime.
We can learn a tremendous amount about some ransomware operations by following the money on the blockchain.
We know, for example, that some organisations function on a Ransomware-as-a-Service (RaaS) model.
This is where attackers known as affiliates “rent” usage of a particular ransomware strain from its creators or administrators, who in exchange get a cut of the money from each successful attack affiliates carry out.
These organisations also depend on illicit third-party services that can help cyber criminals carry out larger, more effective attacks.
These illicit service providers have become the connective tissue of the ransomware ecosystem and the data source that ties them together is cryptocurrency blockchains.
By analysing blockchain data we will be able to identify and map ransomware actors and services, leading to the prevention of future campaigns.
There has been discussion that criminals will turn to using so-called privacy coins such as Monero (which still uses a public blockchain ledger, but uses technology to intentionally obfuscate the transactions), but this method has drawbacks.
Privacy coins simply aren’t as liquid as bitcoin and other cryptocurrencies, especially as some exchanges have declined to list them or de-listed them due to regulatory concerns.
Cryptocurrency is only useful to criminals if they can obtain it from their victims and then use it to buy and sell goods and services or cash out into fiat currency, and that is much more difficult with privacy coins.
In 2022, lawmakers, regulators and law-enforcement agencies will learn that better cryptocurrency education and knowledge is becoming essential for their operations.
At Chainalysis, we have found that once these organisations better understand how to use cryptocurrency to their advantage, they see that crypto can actually help, not harm, their missions to topple cyber criminals.
Ransomware is very much here to stay, but assuming global adoption of cryptocurrency continues to evolve and law-enforcement education improves, cryptocurrency will become a crucial tool in helping to combat cyber crime in 2022.
*Betsy Bevilacqua is vice president of information security at Chainalysis. Gurvais Grigg is global public sector chief technology officer at Chainalysis.
This article first appeared at wired.co.uk.