Colonial Pipeline Ransomware Attack: Is Crypto’s Damaging Image Problem Justified?

Posted on Jun 15, 2021 | ブログ

Introduction

June 2021 saw a dramatic fallout from Colonial Pipeline’s recent admission that it paid ransomware hackers DarkSide in cryptocurrency as well as the FBI’s (ahem) cryptic statement that it was able to crack the hackers’ crypto wallets and retrieve some of the ransom, followed by U.S senators’ calls to crack down on crypto in order to end ransomware attacks. 

These events drove cryptocurrency prices down and stoked fears that authorities had somehow developed technology, aka quantum computing, to penetrate digital asset wallets at large. 

While the latter has certainly not transpired, the ransomware incident, just as July 2020’s audacious“Twitter Hack”, has damaged the reputation and bona fides of cryptocurrency technology, forcing authorities to reassess and mainstream investors to step away. 

This begs 2 questions: 

Is the spike in ransomware attacks a threat to the future of digital asset adoption, and if so, is it the cryptocurrency industry’s problem to solve is possible? 

Let’s investigate by analyzing the threat and recent related events more closely. 

What are Ransomware Attacks?

A ransomware attack is a malicious cyberattack in which malware is used to encrypt the victim’s files, systems, or network. In short, the attacker restricts the owners of the system to have access to their own files. 

The attacker then demands a ransom payment to release the decryption key. The costs can range from a few hundred dollars to millions depending on the value and size of the encrypted data.

In the age of cryptocurrency, ransomware attacks have become more sophisticated, dangerous, profitable and to some extent, a gold mine for criminals due to the anonymity provided by digital assets.

Ransomware attacks have been in existence for a long time as the first recorded case occurred in 1989. However, the general consensus among regulators and bitcoin critics is that cryptocurrencies have fueled ransomware attacks. 

2020 was a ripe year for cybercriminals as the coronavirus pandemic pushed employees to work from home and students to study online. The increased online activity became a honeypot for hackers who turned to several exploitation methods, with ransomware being one of them.

A report by a blockchain intelligence firm Chainalysis revealed that ransomware attacks experienced significant growth in 2020.

Rising Ransomware Attacks

Chainalysis’ report revealed that in 2020, ransomware attacks recorded the highest increase in comparison with other cryptocurrency-related crimes. During that year, ransomware attacks accounted for only 7% of all the money netted by bad actors as criminal addresses held nearly $350 million in cryptocurrency.

Yet this figure represented a staggering growth of 311% increase from 2019 figures.

Crypto-based ransomware attacks grew 311% in 2020. | Source: Chainalysis

The $350 million is only the reported figure. In most cases, ransomware attacks go unreported and there is a likelihood that the real ransomware payments are much higher than the official figures.

Ransomware attacks are believed to have cost several organizations as much as $20 billion in 2020 alone. In 2017, ransomware attacks resulted in losses amounting to $5 billion, accounting for both the money paid to criminals and the money spent to recover in the aftermath of the attacks.

2021 seems to have picked up where 2020 left off. On May 7, Colonial Pipeline, the biggest pipeline system in the United States, was hit with a ransomware attack that affected the company’s computerized equipment managing the pipeline.

The attackers, who have been identified by the Federal Bureau of Investigation (FBI) as DarkSide, received a ransom payment of 75 bitcoins ($4.4 million) at the time.

The U.S. investigators reported that they had recovered 67 bitcoins from the hackers, raising questions of how the illicit funds were obtained.

While this seizure is a good start, it won’t stop or slow down ransomware attacks that seem to be getting more sophisticated.However, the Colonial Pipeline ransomware attack further tainted the image of Bitcoin among regulators.

One of the biggest and most infamous ransomware attacks in history is WannaCry. The infamous cryptoworm of 2017 targeted systems running Microsoft’s Windows operating system. Most importantly, the ransomware was based on an exploit developed by the U.S. National Security Agency (NSA).

How Ransomware Works

There are various methods in which ransomware finds its way to the victim’s computer, with phishing spam sitting at the top of the list.

Phishing spam is the act of sending deceptive attachments in emails with the aim of tricking victims. When the victims open or download the attachments, the malware infects the computer or network.

This locks the user from the computer or system. The encrypted files cannot be decrypted unless the attacker sends the required key.

In some cases, the ransomware attackers copy the data of a particular organization and threaten to leak the data unless a ransom is paid. This type of ransomware is called leakware or doxware.

Who is Targeted for Ransomware Attacks?

There are several ways in which hackers choose their targets. It is a matter of opportunity, financial gains (obviously), and vulnerability of the victims.

Many organizations are targeted because they have sensitive data that they may not want to get into the public domain. Law firms and companies holding sensitive user information are easy targets.

Medical facilities have been targeted because they are likely to pay the ransom quickly because they need patient data to carry out their procedures. A delay could result in the unavoidable loss of lives.

At the same time, crypto whales with large holdings of digital assets are the targets of cybercriminals. They are likely to pay the ransom in the interest of not losing their wealth.

How to Prevent Ransomware Attacks

There are many steps that people and organizations can take to prevent ransomware infection. Here are some of the most pertinent: 

  1. Do not open or download attachments from email addresses that you don’t trust.
  2. Operating systems must be updated regularly to eliminate vulnerabilities.
  3. Files must be backed up frequently so that it becomes easier for companies to restore their data in case of ransomware attacks.
  4. Cryptocurrency holders can turn to offline hardware wallets to store their crypto holdings. In some instances, it is a good idea to store digital assets in various wallets.
  5. Install reputable anti-virus software on your computers

Apart from ransomware attacks, there is a need to look out for other types of attacks especially in the crypto sector.

Should I Pay Ransomware Attackers?

This is a serious ethical question that companies or individuals have to face when they suffer a ransomware attack.

Statistics show that only 29% of victims managed to restore their data, more than half lost some files, and 13% lost all their data.

It is encouraged to report the matter to law enforcement agencies. However, the real decision is determined by how much you have to lose. Companies with sensitive data may have no choice because the damage is bigger than a financial dent.

For some companies, it is a good idea not to pay but in other instances, paying is the only viable option.

Different Types of Attacks

There are several types of attacks in the crypto sector and this article will take a brief look at only two of them.

Fake Deposit Attacks

Fake deposit attacks are security threats that are directly linked to tokens and exchanges. This attack occurs when a token fails to fully implement technical rules and a cryptocurrency exchange has faults in its verification processes.

This attack is only possible if the two conditions are met at the same time.

DeFi Hacks

Decentralized finance, or DeFi, is one of the fastest-growing corners of the crypto space. Its growth has been met with an increase in hacks. 2021 is still only halfway through but significant DeFi hacks have already happened on the Ethereum and Binance Smart Chain (BSC) networks.

Is Bitcoin to Blame for Ransomware?

The biggest question is whether bitcoin is to blame for an increase in ransomware attacks. 

The blame on bitcoin for ransomware attacks is nothing more than trying to find a scapegoat for rising criminal activities. Ransomware has been around for some time, and victims previously paid the hackers in cash or via bank transfers.

It can be argued that while using cryptocurrency certainly makes it easier than ever to facilitate ransom payments, Bitcoin has nothing to do with ransomware as much as money bills have nothing to do with people who use them for doing drugs.

Bitcoin is preferred by criminals because it is anonymous. But another important factor is that cash is even more untraceable. In fact, it is interesting that the Colonial hackers didn’t use Monero (XMR),a preferred choice used by criminals because it is a privacy coin that is hard to trace. 

It is worth noting that only 1% of all crypto transactions are used for illegal activities according to studies. The blame on Bitcoin has been called by its supporters to be a smear campaign. It can also be argued that bitcoin is less used than the U.S. dollar to facilitate illicit activities.

Final Thoughts

Anyone can fall victim to ransomware attacks as many people and organizations turn to work-from-home culture. This has opened various security loopholes that hackers can exploit through various means.

Ransomware attacks are on the rise after they grew more than 300% in 2020 alone. The attacks could become more prominent in the future as cybercriminals chase a big payout.

To stay safe, technology users are expected to avoid these 7 deadly digital security sins

Ransomware attacks have done nothing but give bitcoin a bad image. However, is bitcoin to blame for these attacks or authorities are only looking for something or someone to blame?

If anyone is to blame, then it is the attackers but not digital assets. Fiat currency is used for criminal activities every day but no one has ever laid the blame on money. This could be viewed as double standards. 

In fact, Bitcoin’s pseudonymous nature, where all transactions are transparently recorded and viewable on a public ledger, leaves a digital footprint not there with money, which enables authorities to know exactly where to look and who to go after. 

With the shift to a digital economy accelerating over the last decade, the onus is now on corporations to ensure that their network security also evolves and keeps up with the times. If not, odds are they will become inevitable victims of cybercriminals, who may or may not demand cryptocurrencies for their efforts. Either way, the cat is out of the bag.

CYBAVO is a digital asset security company  founded by experts and pioneers from the cryptocurrency and security industries with more than 20 years experience. Cybavo’s Vault custodial platform and enterprise wallet solutions offer companies innovative security measures such as multi-party computation (MPC) to help them safekeep their crypto assets with complete peace of mind.