On July 2, hacker group REvil launched the largest ransomware attack in history. The campaign targeted IT management provider Kaseya, specifically their VSA remote software and management tool. Kaseya isn’t the only company affected: over 1500 businesses are vulnerable to this hack.
What is REvil demanding? $70 million in Bitcoin. The transaction isn’t in dollars, yen, or euros. Just like other hackers, dark web traders, and illicit black marketeers, REvil is ditching conventional currencies in favour of crypto.
There’s a reason criminals love crypto. No nation or central bank controls it. It is anonymous, can be exchanged for real-world goods and — as financial media like Bloomberg and CNBC constantly tell us — can go up in value like a rocket ship. Over time, REvil’s $70 million demand could plausibly be worth $1 billion if Kaseya accedes to the ransom.
What’s at stake isn’t just money, though. As hackers get more ambitious, they are targeting essential infrastructure like oil pipelines and hospital servers. Jobs, lives, and the environment are on the line.
It’s not surprising that several hackers are backed by rogue states. For example, in 2019, North Korean hackers Lazarus Group stole $250 million worth of cryptocurrency from multiple exchanges. The Kim regime is obsessed with crypto because it allows them to skirt international financial sanctions. Combined with ransomware, crypto can also inflict terror on people and organizations that North Korea deems “enemies”.
The scheme is so effective that fellow rogue states like Russia and Iran are getting in on the act. REvil is linked to Russia, engages in cyber espionage that’s favourable to Russian interests, and launches cyber attacks within Russia — all while acting with impunity from criminal charges. Meanwhile, crypto mining malware linked to Iran is causing havoc in Middle Eastern oil and gas facilities — which, in turn, helps Iran lessen the impact of financial sanctions.
If there’s a silver lining, it’s that even though “privacy coins” like Monero exist, criminals love Bitcoin. Of all cryptos, Bitcoin is their favourite. 95% of all crypto crimes are executed using Bitcoin.
Though Bitcoin is anonymous, it is also highly traceable. Using forensic analysis, law enforcement is able to easily follow the paper trail of illegal transactions. By tracking crypto payments, agencies like the IRS can often remove the digital mask and reveal the identity of cyber crooks while simultaneously recovering crypto funds. Bitcoin tracking has proved so lucrative that crypto sleuthing start-up Chainalysis now has a valuation of $2 billion.
Yet the bulk of Bitcoin is controlled by rogue states. China, Russia, and Iran control 76% of the world’s Bitcoin mining capacity. As much as Bitcoin is traceable, much is out of reach of law enforcement.
It’s perhaps time for the West to invest more in blockchain technology. Ignoring decentralization won’t make it go away.