As cyberattacks, namely ransomware, increase nationwide, there’s one reason for the rise in attacks that we cannot ignore: The growing prevalence of cryptocurrency. These ransomware attacks encrypt users’ files, making them inaccessible without a decryption key (or password), and cybercriminals often hold the data for ransom in exchange for a fee–typically demanding cryptocurrency, or an encrypted form of digital currency, that is difficult to trace.
Law enforcement officials are finding a “marked uptick in the frequency, sophistication, and destructiveness of ransomware attacks” nationwide, stemming in part from the growth of cryptocurrencies as a form of extortion payments.
1. Ransomware is a serious and growing problem
The number of cybercrimes increased by 69 percent in 2020 compared to 2019, according to the Federal Bureau of Investigations (FBI).1 Officials say that cryptocurrencies have contributed to the increasing number of cyberattacks.
This year, we saw attacks that dismantled critical infrastructure and these attacks are only expected to continue. In 2020, at least 2,354 governments, healthcare facilities, and schools were impacted by ransomware attacks, with total estimated ransom demands exceeding $1 billion.2
After a ransomware attack, the data is held for ransom. To decrypt the files, the victim must pay the cybercriminal’s fee. But there’s no guarantee that paying the ransom will free the data. These attacks can cause great disruption to business and commerce, especially as the frequency and severity of the attacks increase, threatening virtually anyone with internet access. The FBI advises companies to avoid making ransom payments, as they effectively finance criminal operations, but the FBI also advised Congress against banning ransom payments, as they could lead to other forms of extortion for companies.3
2. Cryptocurrency is growing in popularity
Cryptocurrencies are digital moneys which exist on a public digital, distributed ledger called blockchain. Blockchain allows all users to observe all transactions, but the transactions are anonymous and difficult to trace. Users can create cryptocurrencies using complex computing or invest in existing cryptocurrencies using exchanges. As of June 2021, there are estimated to be more than 2,000 cryptocurrencies in global circulation, with a market value that could exceed $2 trillion.4 The value of some cryptocurrencies are increasing steadily, with Bitcoin valued at nearly $40,000 on August 4, approximately four times its value from a year before.5
3. Cryptocurrencies can fuel ransom attacks
The increasing frequency and severity of the attacks have led government officials to explore ways to curtail the risks cryptocurrencies can pose to our institutions. Although criminal actors use cryptocurrencies, they do have legitimate, legal uses and are becoming more embedded in our financial systems, especially as investments. However, due to the lack of regulation and anonymity of the exchanges, their use can incentivize malicious cyber activity.
Law enforcement officials are finding a “marked uptick in the frequency, sophistication, and destructiveness of ransomware attacks” nationwide, stemming in part from the growth of cryptocurrencies as a form of extortion payments.6 The arrival of Bitcoin in 2009 as the first widely accepted cryptocurrency provided a way to accept and transfer value outside of the oversight and controls of traditional banking and financial systems.
U.S. Senator Elizabeth Warren requested for the Financial Stability Oversight Council to develop a strategy to mitigate the risk posed by cryptocurrencies to our financial systems.7 In this request, directed to U.S. Treasury Secretary Janet Yellen, Warren generally stated in part that cryptocurrencies increase the incentive for malicious cyber activity due to lack of regulation and because they are difficult to trace.
As cryptocurrency remains a driving force for cybercriminals’ gains, it’s important to understand the risk and how it’s evolving.
Additionally, as ransomware remains a top concern for all businesses, it's critical to recognize how ransomware can affect your portfolio. To help quantify losses from ransomware to your book of business learn the differences between targeted and systemic ransomware with Verisk’s leading cyber risk modeling platform.
- Federal Bureau of Investigation Internet Crime Complaint Center, “Internet Crime Report 2020,” https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf, accessed August 3, 2021.
- Emisoft, The State of Ransomware in the US: Report and Statistics 2020, https://blog.emsisoft.com/en/37314/thestate-of-ransomware-in-the-us-report-and-statistics-2020/, accessed August 4, 2021.
- Miller, Maggie, “Top FBI official advises Congress against banning ransomware payments,” July 27, 2021, https://thehill.com/policy/cybersecurity/565110-top-fbi-official-advises-congress-against-banning-ransomware-payments, accessed August 9, 2021.
- Warren, Senator Elizabeth, Letter to Treasury Secretary Janet Yellen, July 26, 2021, https://www.warren.senate.gov/imo/media/doc/FSOC%20Crypto%20Letter%2007.26.2021.pdf, accessed August 2, 2021.
- Coindesk, https://www.coindesk.com/price/bitcoin, accessed August 4, 2021.
- Sheridan, Jeremy, “Prepared Testimony Before The United States Senate Committee on Judiciary,” July 27, 2021, https://www.judiciary.senate.gov/imo/media/doc/Sheridan%20-%20Statement.pdf, accessed August 3, 2021.
- Warren, Senator Elizabeth, Letter to Treasury Secretary Janet Yellen, July 26, 2021, https://www.warren.senate.gov/imo/media/doc/FSOC%20Crypto%20Letter%2007.26.2021.pdf, accessed August 2, 2021.