98% Of Crypto-Related Ransomware Payments Are Paid In Bitcoin (BTC): Study
Bitcoin (BTC) is the most popular cryptocurrency used in ransomware payments, according to a new research report by Coveware.
Among crypto-denominated payments that attackers demand from their victims, BTC accounts for the largest percentage as revealed in the company’s Q1 2019 Global Ransomware Marketplace report.
The firm’s report allegedly represents an aggregate of ransomware statistics involving cases that the firm’s Incident Response Team handled.
It suggests that these ransomware attacks increased dramatically in the first quarter of 2019, with the spike notable when compared to the average ransom demands that hit the crypto space by malicious actors.
Per Coveware’s analysis, average ransom demands that attackers asked for in return for a decryptor tool rose by 89 percent. It adds that affected users only received the data recovery tool after parting with an average of $12,762 in the first quarter of 2019.
That figure is nearly double the figure attackers demanded in Q4 2018, which typically stood at $6,733.
Almost all ransoms were paid in bitcoin, accounting for 98 percent of the total ransom paid in crypto.
Part of the report notes that handling of crypto continued to be a source of hiccups, troubling both those expected to pay and the threat actors.
The researchers hypothesize that it could be that “ransomware rotates towards different crypto” the very moment people learn how to navigate the system.
Coveware observes that threat actors are less likely to consider many of the other cryptocurrencies as they find it easier to utilize mixing services to change the bitcoin ransom to another crypto.
Most of these actors go for privacy coins, with Dash (DASH) and Monero (XMR) the main go to coins.
Thus, only 2 percent of privacy coins account for ransom payments, and Coveware observes that such is only considered in the latter stages of the transaction. The bad actors prefer BTC for the initial payment process and only resort to privacy coins when attempting to hide the footprint of the illegally earned money.
Coveware’s report identifies GandCrab, a prolific ransomware strain, as perhaps the only one that has seen threat actors go for payments in privacy coin Dash (DASH) or Bitcoin (BTC).
Apparently, GandCrab accounts for 20 percent of the attack market.
The report further notes that ransom paid in bitcoin to GandCrab attracts a 10 percent extra fee, which hackers ostensibly use as a cover for mixing services expenses.
Earlier in the week, payments firm Paypal secured a cybersecurity patent that could see increased protection against cryptocurrency ransomware available.
Moreover, in March, major auditing firm PricewaterhouseCoopers (PwC) revealed that the masterminds of SamSam ransomware scheme were Iranian nationals. PwC reported that these individuals used the WEX cryptocurrency exchange to launder money received from the SamSam attacks.
The ransomware caused extensive damage to numerous U.S.-based companies, universities, government agencies, and hospitals.
Disclaimer: This is not investment advice. Cryptocurrencies are highly volatile assets and are very risky investments. Do your research and consult an investment professional before investing. Never invest more than you can afford to lose. Never borrow money to invest in cryptocurrencies.