The Prevalence of Cryptography in Ransomware: The Role of Blockchain in Combating Crypto Ransomware

As we witness a concerning rise in ransomware attacks on cybersecurity, one of the most notable features of these attacks is the widespread use of cryptography technology by attackers.

Over the past decade, we have witnessed a sudden and alarming increase in the number and scale of ransomware attacks on cybersecurity. These types of attacks harm companies and organizations and affect ordinary individuals, often leaving significant financial and emotional consequences. One of the most notable features of these attacks is the widespread use of cryptography technology in carrying out the attacks and managing payments extorted by the attackers. This article aims to provide a detailed and comprehensive analysis of the trends in the growing use of cryptography in ransomware attacks, examining all aspects and consequences of this threat.

In this article, we examine the role of cryptography in facilitating ransomware attacks and assess this phenomenon’s social, economic, and security impacts on communities and organizations. We will also analyze the mechanics of ransomware attacks that use cryptography, how encrypted payments are made to attackers, and the effects of these payments on the communities and individuals targeted. Additionally, we will evaluate strategies to combat these types of security threats and emphasize the importance of collaboration among various sectors in addressing these threats. In conclusion, we will summarize and analyze the discussed issues, highlighting the importance of ongoing research and the development of cybersecurity technologies. This article serves as a comprehensive reference on ransomware threats and the unprecedented role of cryptography in these attacks, preparing readers for a deeper understanding and better response to these threats.

Understanding the Concept of Cryptography

Cryptography, as one of the prominent advancements in computer science and information security, plays a fundamental role in transforming the cybersecurity landscape. This encryption technology is considered one of the key reasons for the increasing prevalence of ransomware and online trolls as attack tools. In this section, we will introduce cryptography and its various important aspects.

Cryptography is essentially the science and art of encoding information so that only individuals possessing a specific decryption key can access the content of the encrypted information. This fascinating technology allows individuals and organizations to protect their sensitive information from unauthorized access. This means that even if data falls into the hands of hackers or attackers, they cannot interpret this information, as direct and unpredictable data encryption prevents this.

Cryptography is a powerful tool that plays a crucial role in defending against ransomware attacks. Attackers can use methods to receive encrypted payments from their victims while keeping their identities hidden, avoiding any issues. In other words, cryptography enables them to remain easily concealed and anonymous while conducting financial transactions that are difficult to trace.

Therefore, during this complex and dynamic era of technology, cryptography is a fundamental tool in cybersecurity. In this article, we aim to investigate the role of this vital technology in the rise of ransomware and analyze how attackers use it to conceal their identity and elicit cryptocurrency payments. We will also examine strategies to combat these threats and their impact on society so that organizations and individuals can take the best actions to protect their online security.

“Cryptography is a technique that doesn’t require you to trust other people—this way, if you encrypt your files, you can control your choice of who to give your files to.”
— Whitfield Diffie, Cryptography Scientist

The History of Crypto Ransomware:

From Inception to Significant Impact

Crypto ransomware has emerged as a notable phenomenon in cyber threats in recent years. These attacks, different from anything seen before, have arisen directly from blockchain technology and cryptocurrencies.

Crypto ransomware is not merely an updated version of traditional ransomware; it has significantly changed the attackers’ approach to their assaults. Initially, these types of attacks may have begun with an anonymous message and a threat for payment to recover data. Over time, attackers, aided by cryptography technology, gained the ability to encrypt the victim’s compromised files. This capability allowed them to encrypt the essential files of the victims and demand a sum of cryptocurrency in exchange for restoring these files.

The Spread of Crypto Ransomware

With the emergence of crypto-ransomware, these attacks quickly proliferated, becoming a global threat. Attackers used increasingly complex encryption mechanisms, presenting their victims with larger, more coercive, and challenging financial demands. These changes in the attackers’ approach had significant social and economic impacts.

As a cryptographically based threat, crypto-ransomware has severely affected communities and their economies. Individuals and organizations faced substantial financial losses and, in many cases, were compelled to pay large sums to attackers to recover their data. Additionally, these attacks have heightened fear and concern about online security, undermining public trust in the digital space.

Meanwhile, crypto-ransomware attacks have also posed challenges for security equipment and IT departments. Examining and analyzing how to combat these types of threats and enhancing cybersecurity technologies has become a fundamental issue in cybersecurity.

“Ransomware not only encrypts data, but its operation often bridges the psychological gaps of individuals, demanding a response from victims with a message.”
— James Scott, Senior Member, Institute for Critical Infrastructure Technology

How Crypto Ransomware Operates: Encryption, Key Generation, and the Ransom Process

In this section, we will examine how crypto ransomware functions. We will explain in detail the fundamental and key concepts of these cyberattacks, including encryption, key generation, and the ransom process.

Encryption: The Key Filter for Infinite Access

Encryption is the central concept in the operation of crypto-ransomware. It refers to the transformation of data into an incomprehensible form for anyone who lacks the specific key needed to restore the information. Attackers use complex algorithms to encrypt the data, preventing others from accessing it.

Key Generation: Making Data Recovery Impossible

In the key generation process, attackers create a unique encryption key for decrypting the encrypted information. Due to their high complexity and randomness, these keys are difficult for others to predict, making it nearly impossible to recover the data without possessing the key.

The Ransom Process: Threatening the Victim

At this stage, attackers compel the victim to pay the ransom by sending threatening messages and demanding payment. With the decryption key in hand, the attackers threaten to permanently erase access to the data or to publish sensitive information if the ransom is not paid.

Examining Payment Methods

Crypto ransomware utilizes cryptocurrencies, such as Bitcoin or other digital currencies, to encrypt payments received. Such measures allow attackers to access received amounts with minimal traceability and tracking, thus reducing their chances of being traced.

Ransomware employs various methods to request payments. This may occur through deceptive emails with malicious attachments, threatening messages, or even fake websites that mimic official company sites. On the other hand, some ransomware uses coercive methods such as file encryption or locking the user’s device to exert pressure and force the user to make a payment.

Additionally, some crypto ransomware employs essential networks like Tor to conduct transactions and connect to their control servers. These technologies enable transactions to be carried out anonymously and without tracking. Thus, crypto-ransomware largely utilizes the architecture and features of cryptocurrencies to conceal and cover their activities.

Strategies to Combat the Rise of Crypto in Ransomware

The increasing use of crypto in ransomware has become one of the main security threats, necessitating extensive and diverse solutions to combat these threats. The first important step is educating users and organizations about the risks of using crypto in digital currency exchanges and online payments. Individuals must fully understand how attackers leverage this technology to encrypt and recover their critical information, and they should avoid engaging in anonymous transactions.

Furthermore, updating software and operating systems is of significant importance. Security vulnerabilities typically exist in older software versions, so timely updates help individuals and organizations mitigate these vulnerabilities.

“You might think that attackers decrypt the encrypted data after receiving funds from ransomware attacks, but remember that 97% of victims of these attacks do not regain access to their information and data even after paying the ransom.”
— Arulselvar Thomas, Founder and CEO of Briskinfosec Consulting

Moreover, strong encryption and regular data backups protect sensitive information. Encrypting with complex algorithms and using strong passwords to safeguard data and personal information is crucial. In the event of a ransomware attack, payment is not recommended, as the willingness to pay only provides a greater incentive for attackers. Instead, reporting the attack to credible security authorities is vital, as they can assist in investigating and tracking the attackers.

Governments and regulatory authorities should also develop and implement laws and regulations related to crypto and digital payments. These legal measures can prevent the growth of crypto-ransomware. Additionally, international cooperation in pursuing and combating ransomware attackers is crucial, allowing perpetrators to face the consequences of international law. Overall, combating crypto ransomware requires a combination of proactive measures, technological solutions, and appropriate regulatory frameworks. Adequate awareness and careful planning can help us prevent these threats.

Statistics and Figures on Crypto Ransomware

The blockchain research company Chainalysis published an annual report on cryptocurrency crimes in February 2022. According to this report, the legal growth of cryptocurrencies in 2021 significantly outpaced their criminal and illegal uses.

However, the reality is that the volume of cryptocurrency crimes reached its highest level in 2021, amounting to $14 billion, marking a significant increase compared to the $7.8 billion in cryptocurrency crimes recorded in 2020.

The chart below illustrates the total volume of cryptocurrencies received by illegal addresses from 2017 to 2021.

The report also states that among all cryptocurrencies monitored by Chainalysis, the total transaction volume in 2021 reached $15.8 trillion, indicating a remarkable 567% growth in transaction volume compared to 2020.

This report shows that, given the increase in cryptocurrency adoption rates, the increase in criminal activities in this area is unsurprising. On the other hand, it may be surprising that the increase in illegal transactions was only 79%, which is less than the total transaction volume. In fact, with the rise in legal applications of cryptocurrencies, which far exceed criminal uses, the share of illegal activities from the total transaction volume has never been less than this.

The chart below shows the proportion of addresses engaged in illegal activities compared to the total volume of cryptocurrency transactions. This chart indicates that the share of illegal transactions from the total cryptocurrency transactions in 2021 was only 0.15%.

A recent report from the cybersecurity company SonicWall indicates that cryptocurrency hijacking attacks, commonly called cryptojacking, continue to be used as a method of extortion to profit from unsuspecting victims. This type of attack has seen significant growth this year compared to previous years. In the first half of 2023, over 332.3 million cryptojacking attacks were recorded, marking a 399% increase compared to the total for the last year and surpassing the total number of attacks in 2020, 2021, and 2022.

“Crypto, in terms of traceability, is an improvement over the existing financial system. People often say, ‘How is that possible? Isn’t crypto anonymous?’ But the reality is that when criminals use cryptocurrency for illegal activities, digital breadcrumbs are left behind, and I have used blockchain technology to solve crimes.”
— Katie Haun

Cybercrime instructor and board member of Coinbase Exchange

Cybercriminals in these attacks utilize other people’s servers and devices to mine cryptocurrencies. The Monero mining software, known for its high privacy, is commonly used by criminals in these attacks. Individuals affected by these attacks may not even realize that their devices have been targeted in a cyber attack, instead attributing issues to other reasons, such as excessive heat or increased electricity bills.

Key signs of cryptojacking attacks include slower device responses, an unprecedented rise in electricity bills, and excessive resource usage on the device due to battery overheating. Cybercriminals tend to remain anonymous for as long as possible, so cryptojacking attacks are perceived as less risky and even victimless than malware or banking trojans.

You might think that the drop in Bitcoin prices could lead cybercriminals to seek alternative income-generating methods. Still, SonicWall’s research shows that the decline in cryptocurrency market prices has had the opposite effect, and cybercriminals continually strive to profit at any cost.

Various reports indicate cybercriminals always change their tactics and methods to avoid detection and arrest. One of their recent strategies has been distributing cryptojacking malware in cracked versions of the Final Cut Pro video editing software.

Overall, this research report demonstrates that cybercriminals are still seeking low-cost and lower-risk methods to generate income, and this type of attack remains a significant threat in the cyber world.

Conclusion

The widespread use of cryptocurrencies, particularly Bitcoin, in ransomware has become a serious issue for the global digital community. Attackers use ransomware as a payment method to collect and steal users’ cryptocurrencies. One of the main reasons for this phenomenon is the ability of these cryptocurrencies to facilitate secret transactions without disclosure in the global financial system. By utilizing advanced cryptographic technologies, attackers can make payments anonymously, making accessing them more challenging from a legal and enforcement perspective.

Furthermore, this situation allows attackers to maintain their financial information without any risk of detection easily. This scenario can lead to pressure stemming from economic insecurity for ransomware victims, as payments are made anonymously, ultimately leaving no possibility for victims to recover their funds.

As a result, combating the proliferation of these crypto ransomware requires strengthening cybersecurity, better education regarding the risks associated with ransomware, and fostering cooperation between law enforcement agencies and the technology industry. These measures will significantly reduce the impact of ransomware that exploits cryptocurrencies.

Additionally, it is essential to increase oversight and regulatory measures concerning cryptocurrencies to facilitate the tracking and investigation of suspicious transactions and hold responsible parties accountable to prevent misuse of these currencies. These measures appear crucial for enhancing digital currencies’ security and mitigating crypto-ransomware’s impact on the global digital community.