Why Does Bitcoin Embolden Hackers?
Doesn’t it seem like more and more cybersecurity horror stories are popping up in your news feed? I know I’ve seen an uptick, especially these past few months. Cybercrime is becoming child’s play for brazen hackers with little to fear and a whole lot to gain. The ambiguous nature of bitcoin and the extreme difficulty of apprehending cybercriminals have emboldened them to make audacious ultimatums.
Over the Fourth of July weekend, the ransomware gang REvil, which hit JBS Foods last month, made headlines once again for a ransomware attack that started with Florida-based IT firm Kaseya in an attempt to extort a $70 million bitcoin payment. While extraordinary attacks like these are newsworthy, small and midsize businesses (SMBs) are getting hit too, and a majority are paying to get their data back.
Bitcoin has become the currency of choice for the underground hacker community. Have you ever wondered why cybercriminals consider bitcoin “digital gold”? I was curious too, and I found it quite surprising that bitcoin exists in an unregulated environment. This gives hackers a pass to anonymously bully companies into submission and take their money and run.
Here are three devious reasons cybercriminals collect ransom payments using bitcoin in exchange for confidential company data:
A legit bank account is not required.
Can you believe all they need is a digital bitcoin wallet? No legal identification, real name or address is required to start a bitcoin account. One perk for hackers is that law enforcement agencies can’t freeze their bitcoin account. And unlike government-issued currencies, bitcoin is operated by a decentralized authority. What’s more, the mastermind(s) behind bitcoin technology remain a mystery.
Funds can be transferred anonymously.
Bitcoin can be easily transferred from one person to the next without the use of an actual bank account. Transactions are recorded and stored in a permanent, inalterable public ledger, also known as a blockchain. Anyone can trace what you do, but they can’t necessarily see your identity.
Hackers play “catch me if you can” better than you and me.
Cybercriminals are smart and understand their activity can be traced. So, they play an elusive game by continuously transferring illegal bitcoin earnings across numerous transactions and various bitcoin wallets. This makes it virtually impossible to recover stolen funds. In an ultra-rare case, the Feds recently recovered $2 million paid by the Colonial Pipeline, which was only half of what was forfeited. However, the Feds already had DarkSide, the group responsible for the attack, on their radar. The reality is, the Feds don’t have the bandwidth to investigate the vast majority of cases that happen on a daily basis.
It’s pretty safe to say that once you’ve paid a ransom, you can kiss that money goodbye. So, if you’re an SMB stakeholder, ask yourself “Is our data safe from a hacker?” and “Can we afford to pay an exorbitant ransom to get it back?” If you answered no or maybe, it’s probably time to improve your cyber resilience and multi-layered security posture to circumvent and/or be prepared for such an event.