Crypto Ransomware & Tornado Cash Emerge as Standouts in Cybercrime: Chainalysis

Cybercrime, particularly the crypto ransomware vector, has undergone significant shifts, marking a watershed moment in digital asset security.

According to the latest comprehensive analysis by Chainalysis, a leader in blockchain analytics, ransomware payments have astonishingly exceeded the $1 billion threshold, underlining a significant escalation in the prevalence of these cyberattacks.

Crypto Ransomware: A Growing Trend

Parallel to this alarming trend, Tornado Cash, an Ethereum-based mixer, has witnessed a resurgence in use despite being heavily sanctioned. This suggests an evolution in the tactics employed by cybercriminals.

The resurgence of Tornado Cash amid sanctions underscores a stubborn persistence within the crypto criminal underworld. Eric Jardine of Chainalysis articulated his surprise at this development, emphasizing how,

“The gradual resurgence of Tornado Cash…was unexpected.”

This unexpected revival signals a complex challenge for regulatory bodies and highlights the adaptive nature of cybercriminal networks in circumventing sanctions.

The creation of 583 new ransomware variants in the same year points to an escalating threat to both cyber and cryptocurrency security landscapes. Kim Grauer from Chainalysis remarked on the momentousness of this escalation, revealing that “we had hit an all-time high” in ransomware activities.

Total value received by crypto ransomware 2019-2023. Source: Chainalysis

This starkly contrasts with the previous focus on other cybercrimes, such as hacking and money laundering.

Governments Fighting Back

In a robust response to these threats, the US Treasury Department has intensified its crackdown on entities linked to Russian ransomware operations, notably sanctioning individuals associated with the notorious LockBit group. The collective allegedly pilfered assets worth $9 billion from a US broker-dealer.

This move is aimed at dismantling the financial networks underpinning such cybercriminal activities. It involves blacklisting crypto addresses and necessitates the reporting of properties owned by the sanctioned individuals to the US authorities.

These developments have cast a spotlight on the evolving strategies of ransomware perpetrators. Notably, the Ransomware-as-a-Service (RaaS) model has grown alongside reliance on initial access brokers (IABs).

This ‘disturbingly effective’ business model, as described by Andrew Davis of Kivu Consulting, facilitates the proliferation of ransomware attacks. It renders them more accessible and, consequently, more challenging to counter.

“The increase in attack volume can be attributed to the affiliate models ease of access and the adoption of ransomware-as-a-service, a disturbingly effective business model for cybercriminals,” Davis stated.