There has been a notion that crypto has facilitated and even helped cybercriminals thrive due to the ability to conduct anonymous transactions and decentralization. However, looking at the bigger picture of all cybercrimes taking place, you realize that this thinking is misguided and doesn’t consider all facts.
According to a report by McAfee, the global losses from cybercrime now total over $1 trillion, with a 50% increase over the past three years.
The Majority Of Cyber Crimes Are Not Crypto Related
The majority of the affected organizations are not crypto-related.
It’s true that when held at ransom, they may have to pay the attackers using crypto due to the features outlined earlier; however, this doesn’t mean these criminals exist simply because of crypto. In the past, when crypto didn’t exist as a payment mode, attackers would ask for wire transfers or for the victims to drop a bag of cash at night at a specified location.
The coming of crypto has suited their changing tactics just like how they attack. In the past, attacks were direct. A criminal would find a way into your systems through social engineering attacks by taking advantage of unsecured remote desktop protocol or a phishing email and encrypting your files. This would leave the victim with two options: paying the ransom before receiving a decryption key to decrypt the files (which didn’t work at times) or choosing not to pay. In the latter case, the victim would have to restore the files from a backup if they had one or accept losing the data.
New Measures Have Seen Criminals Evolve Their Tactics
However, by 2019, more companies were prepared with backup strategies to counter threats, thereby declining to pay. This saw criminals evolve their tactics where they would steal data and extort the victims. Maze ransomware group is a good example of such a criminal organization specializing in this where they threaten to publish the victim’s sensitive data online if they didn’t pay.
This significantly increased the cost of ransomware attacks. Another trend that has been identified lately is the targeting of victims, where criminals find those they know can pay more if their systems are attacked and those that hold information they wouldn’t like published online before proceeding to compromise them.
What is becoming clear is that cybercriminals will continue to evolve their tactics as long as they have a target to attack. This has been the case since the beginning of hacking and the argument of crypto being the sole reason for ransomware is biased.
That kind of reasoning is mainly propagated by those that don’t love cryptocurrencies and what they stand for; financial freedom for the individual where they get to own their money securely and privately without risking getting censored. These positives far outweigh the negatives, such as attractiveness to criminals who find anonymity and lack of a single point of control convenient when taking their ransoms. People need to understand that by painting crypto in a bad picture, they don’t eliminate cyberattacks.
What Needs To Be Done?
Every organization/individual’s duty is to take the correct security measures to secure their enterprise by plugging every security gap. In most breaches that occur, you will realize that organizations skip fundamental security measures such as regular patching and security awareness training which can go a long way to reduce potential ransomware attacks. The situation isn’t helped by the availability of ready-made, off-the-shelf malware that can be accessed by even people of less skill on the dark market who would like to profit off the easy money opportunities companies that don’t secure themselves properly represent.