Bitcoin Is Aiding The Ransomware Industry
Bitcoin accounts for approximately 98% of ransomware payments. Whether an organization pays the ransom or attempts to recover the data independently, a clear understanding of bitcoin is essential for cyber incident response planning.
The Danish facilities company ISS estimated that a ransomware incident in February will end up costing it between $45 million and $75 million in IT upgrades and other measures. These ransoms are almost always paid in bitcoin. It is estimated that ransomware operations will cause $20 billion in damages this year.
The ransomware industry is experiencing rapid growth, and governments are increasingly aware. On Jan. 6, the U.S. Federal Bureau of Investigation (FBI) issued a warning to the private sector about Egregor, a ransomware operator that has affected Barnes & Noble, Kmart and Ubisoft. CoinDesk columnist JP Koning has argued for a government ban on companies paying for ransomware, as a way to reduce the incentive for criminals to engage in these attacks. We are a high-profile hack away from ransomware being a topic in mainstream politics.
While most virtual currency activity is licit, virtual currencies can be used for illicit activity through peer-to-peer exchangers, mixers, and exchanges. This includes the facilitation of sanctions evasion, ransomware schemes, and other cybercrimes. Some virtual currency exchanges are exploited by malicious actors, but others, as is the case with SUEX, facilitate illicit activities for their own illicit gains. Treasury will continue to use its authorities against malicious cyber actors in concert with other U.S. departments and agencies, as well as our foreign partners, to disrupt financial nodes tied to ransomware payments and cyber-attacks. Those in the virtual currency industry play a critical role in implementing appropriate AML/CFT and sanctions controls to prevent sanctioned persons and other illicit actors from exploiting virtual currencies to undermine U.S. foreign policy and national security interests.
FinCEN, in addition to the guidance and enforcement activities above, has also engaged with industry, law enforcement, and others on the ransomware threat through the FinCEN Exchange public-private partnership. FinCEN held a first Exchange on ransomware in November 2020 and a second Exchange in August 2021. FinCEN is taking additional action under its authorities to collect information relating to ransomware payments.
Countering ransomware benefits from close collaboration with international partners. At the Group of Seven (G7) meeting in June, participants committed to working together to urgently address the escalating shared threat from criminal ransomware networks. The G7 is considering the risks surrounding ransomware, including potential impacts to the finance sector. For example, the G7 Cyber Expert Group (CEG), co-chaired by Treasury and Bank of England, met on September 1 and September 14, 2021 to discuss ransomware, which remains a grave concern given the number and breadth of ransomware attacks across industry sectors. The participants considered the effects of ransomware attacks on the financial services sector, as well as the broader economy, and explored ways to help improve overall security and resilience against malicious cyber activity.
Dharma ransomware attacks have been attributed to a financially motivated Iranian threat group. This RaaS has been available on the dark web since 2016 and is mainly associated with remote desktop protocol (RDP) attacks. Attackers usually demand 1-5 bitcoins from targets across a wide range of industries. Dharma is not centrally controlled, unlike REvil and other RaaS kits.
Combating Ransomware
There were a number of high-profile ransomware cases in 2021, with perhaps the most notable being the attack against Colonial Pipeline in May. Here, the DarkSide ransomware operators demanded a payment of 75 bitcoins, a sum that would have equaled more than $4 million.
Bitcoin serves as a constant throughout the majority of ransomware cases BAE Systems Applied Intelligence has observed, with a number of other high-profile cases, such as an attack against JBS USA in May involving the REvil ransomware, where an $11 million ransom was paid in bitcoins, and the exploitation of Kaseya VSA, where a ransom of $70 million in bitcoins was demanded in return for a combined decryptor for all the approximately 1,500 organizations affected.
Given this seizure, showing that Bitcoin is perhaps not the infallible, untraceable form of currency that it is sometimes purported to be, BAE Systems Applied Intelligence has predicted that 2022 will see threat actors begin to move away from it and toward other cryptocurrencies, such as Monero, where tracing is far more difficult. The operators of one particular ransomware strain, Grief, were seen to follow this trend in 2021, with chat logs showing their preference for Monero by offering a discount compared with the amount asked for in bitcoins.
Banning ransomware payments is one of many ways to potentially counter the ransomware problem, and, if done correctly, could have a significant impact. This would, however, require careful co-ordination with law enforcement, the insurance industry, and other stakeholders, and should not come at the expense of initiatives to improve organizations' security postures.
For years, the healthcare industry has been on guard for ransomware attacks, and now, more than ever, healthcare leaders must continue to be vigilant. The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) have received credible information of an increased and imminent threat to U.S. hospitals and healthcare providers. On October 28, 2020, the agencies issued a joint announcement (revised on October 29th) to advise healthcare providers to take timely and reasonable precautions against these threats.