Why are cyber-criminals dumping Bitcoin?

News by Davey Winder

Cyber-crime players are not stupid, which is probably why they are dumping Bitcoin and going with the smart(er) money...

Cyber-crime players are not stupid, which is probably why they are dumping Bitcoin and going with the smart(er) money...

Some European businesses started 2017 by buying up Bitcoin to prepare for ransomware demands. Cyber-criminals, meanwhile, finished the year by continuing to focus on stealing Bitcoin as a bubble-worthy valuation boom made cryptocurrency depositories a very tempting target. 

What both of these examples illustrate is the fact that for the criminal underground, Bitcoin has long been the currency (let alone cryptocurrency) of choice. Whether it is used to facilitate ransomware proceeds collection, as a money-laundering resource, or simply as something that can be stolen relatively easily and for huge reward the bad guys have been onto Bitcoin likes flies around the rear end of a cow. But is all that set to change in 2018?

Europol seems to think so, warning some months ago that cryptocurrency alternatives such as Ethereum, Monero and Zcash are gaining popularity with the online underground. "The drivers behind this could be because of the additional privacy and anonymity other cryptocurrencies have built in" suggests Javvad Malik, security advocate at AlienVault in conversation with SC Media UK. While Bitcoin transactions are not straightforward to attribute accurately, they can under certain circumstances "be partially traced and then attributed" as High-Tech Bridge's CEO, Ilia Kolochenko, points out. Indeed, it's this ability to shine light into these blockchain transactions that has improved during the course of 2017, and has caused increasing concern amongst the criminal underground. "Some new cryptocurrencies are purposefully designed to provide almost absolute anonymity to the integrity of the transactions and users" Kolochenko continues "making investigations of cyber-crime money laundering impossible..."

But that's not the only reason for the decline of Bitcoin amongst the criminal classes. The success of the cryptocurrency in terms of valuation has also played a big part as Andy Norton, director of threat intelligence at Lastline, explains. "The volatility of bitcoin pricing has been an unexpected problem for cyber-criminals as the average ransom demand has remained somewhere between £300 and £1,000, with the ransom note specifying an amount." Having to constantly change the ransom demands, to prevent effectively pricing themselves out of any victims, is problematical for the threat actors. 

Andrei Barysevich, director of advanced collection at Recorded Future, is convinced that it's this valuation volatility that has seen the change of heart amongst the criminals. "The majority of dark web actors are more concerned about practicality and ease of use" he told SC Media UK, continuing "the discussions about migration to other cryptocurrencies have been circulating in the dark web for more than a year now. The bitcoin network became entirely unusable for smaller amounts and in some cases required users to pay upwards of 30 percent commission." That's when vendors of various criminal services began adopting alternative cryptocurrency products.

However, none of this will make much immediate difference to victims of cyber-crime it would seem. "We must remember that when forcing ransom payment, Bitcoin is still the cryptocurrency of choice given its wide availability and use" argues Joseph Carson, chief security scientist at Thycotic, who adds "it is when cyber-criminals are moving money around to pay other cyber-criminals or to purchase new toys they will use an alternative cryptocurrency to keep a low profile." And let's not forget that for the vast majority of ransomware victims, any cryptocurrency is a major move into previously unexplored technical territory so the precise currency being demanded makes very little difference in reality.
Where it does, and will increasingly, make a difference is in helping catch the bad guys. With security researchers and law enforcement having some qualified success in tracking back and getting leads on the cashing out process for some ransomware attacks, this part of the investigation process stands to lose out most from any move away from Bitcoin. "If a cryptocurrency with anonymising features such as Monero finds its way into more mainstream use" warns Travis Farral, director of security strategy at Anomali "then the ability to track where money from victims goes will disappear completely..."

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews