Ransomware Attacks Using Cryptocurrency, Relevant Information, and National Security Issues
Threat actors use ransomware, a deadly type of cyberattack, to block access to computer systems or to threaten the release of data until a ransom is paid. It poses a serious danger to our country’s economic and national security because it can destroy vital infrastructure and drive businesses into bankruptcy. The use of cryptocurrencies has made ransomware attacks more prevalent, in part because cryptocurrencies are decentralized and distributed and because criminal organizations can take measures to obfuscate transactions and impede tracing them.
Hospitals, school districts, municipal, state, and federal governments, as well as other critical infrastructure, such as the water and energy sectors, have been victims of ransomware attacks in recent years. At least 2,323 local governments, schools, and healthcare organizations in the US were affected by ransomware attacks in 2021. Ransomware attacks grew by 435 percent in 2020, according to the World Economic Forum, and “are outpacing societies’ ability to effectively prevent or respond to them.” The victims of several of these incidents suffered considerable losses and damages. A three-year comparison of the number of ransomware complaints reported to the FBI between 2018 and 2020 shows a stunning 705 percent rise in adjusted damages and a shocking 65.7 percent increase in victims. In 2021, 3,729 ransomware complaints totaling more than $49.2 million in adjusted damages were submitted to the government.
Nevertheless, the real number of attacks, ransom payments made by victims, and associated losses are probably far higher than even these estimates suggest. The FBI even admits that some of its data is “artificially low.” The fact that the official data is much lower than various private sector estimates provides more proof of this underreporting. For instance, according to Chainalysis, a blockchain data and analysis company that works with financial institutions, insurance and cybersecurity firms, as well as the U.S. government as a contractor, malicious actors received at least $692 million in cryptocurrency in 2020 as part of ransomware attacks, up from $152 million in 2019, or nearly a 300 percent increase over the previous two years. According to a different analysis by the anti-malware firm Emsisoft, there were at least 24,770 ransomware incidents in the U.S. in 2019 with an estimated cost of just under $10 billion (including downtime expenses).
To better understand this growing threat, U.S. Senator Gary Peters, the head of the Senate Homeland Security and Governmental Affairs Committee, announced in July 2020 an investigation into the part played by cryptocurrencies in encouraging and facilitating ransomware attacks, as well as the harm that these attacks cause to victims. As part of its ten-month inquiry, the Committee staff interviewed representatives from federal law enforcement and regulatory organizations as well as commercial businesses that help ransomware victims with ransom demands. Although it is not comprehensive, this study discusses some of the most important aspects of the broader picture of the growing national security danger posed by ransomware attacks and the use of cryptocurrencies for ransom payments.
According to numerous organizations questioned by Committee staff, cryptocurrency, usually Bitcoin, has almost always been used as ransom payment in ransomware attacks. This is because cryptocurrency makes it possible for criminals to quickly and easily demand enormous sums of money from victims in a variety of industries. Decentralized payment structures, erratic regulatory compliance by some players in the market, and new anonymizing tools all make it difficult for law enforcement to apprehend illegal actors, especially those based overseas. The threat posed by ransomware attackers to national security is seen in high-profile incidents like Colonial Pipeline. However, the fact that the FBI was able to recoup more than half of the ransom money paid by Colonial Pipeline demonstrates how, with the correct information, law enforcement can make use of the special characteristics of cryptocurrencies as well as other investigative methods to find cybercriminals and recoup stolen money.
Our collectively inadequate grasp of the ransomware environment and the cryptocurrency payment system blunts the efficacy of current instruments to safeguard national security and constrains efforts by the private sector and the federal government to aid victims of cybercrime. The need to rectify these deficiencies increases as Russia pursues its invasion of Ukraine and looks for loopholes in the global financial system. In 2021, over 74% of the money made through ransomware was distributed to companies that were either probably based in Russia or under Russian government control. Furthermore, the invasion of Ukraine by Russia has prompted warnings from CISA and other government agencies that the US may experience an increase in harmful cyber activity, such as ransomware attacks. In order to address the rising national security concerns, it is crucial to prioritize data gathering on ransomware attacks and cryptocurrency payments, the article concludes.