Ransomware: the Currency Has Changed, but the Threat Is All the Same
| Jurisdiction | United States,Federal |
| Citation | Vol. 52 No. 1 Pg. 12 |
| Pages | 12 |
| Publication year | 2023 |
January, 2023
Ransomware
The Currency has Changed, but the Threat is All the Same
BY SCOTT GREENE AND JEFF MARTIN
Ransomware is a type of malicious software, often referred to as malware, that restricts access to computer files, systems, or networks and demands a ransom payment to restore access. Incidents of ransomware attacks are on a steep rise. According to cybersecurity company SonicWall, the first three quarters of 2021 saw a 148% surge in global ransomware attacks, with a predicted record-breaking 714 million attacks by the end of the year. This is of particular concern in the United States, which leads the world in the number of attacks. The sophistication and variety of attacks are constantly growing, making this a top cyber security issue to be aware of and protect against.
Types of Ransomware
Traditionally, single extortion attacks such as locker ransomware and crypto ransomware have been used to ransom data. Locker ransomware encrypts the entire computer system, while crypto ransomware encrypts all or some files on a computer system to block authorized users' access.
Double extortion ransomware involves a two-tiered attack where threat actors not only encrypt files but also export the encrypted data. The threat of publishing the stolen data is then used to pressure firms to meet ransom demands. The stolen data is usually published or further ransomed on the dark web to the highest bidder. This type of ransomware has become increasingly popular.
Grubman Shire Meiselas & Sacks fell victim to this type of ransomware in May 2020. The entertainment and media law firm's computer system was encrypted, and files also were stolen. The ransomware group REvil, which carried out the attack, demanded payment in the form of $42 million in cryptocurrency. In this case, double extortion ransomware was used to force payment after the firm attempted to negotiate with the ransomers. The criminal group leaked 2.4 gigabytes of the stolen data onto the darknet to strongarm the firm into paying.
The Proliferation of Cryptocurrency and Bitcoin
Cryptocurrency provides a level of anonymity that is nearly impossible to achieve with traditional forms of monetary transactions. Unlike traditional banking, there is no personal identifiable information attached to the destination address tied to the ransom. As the most popular and accessible cryptocurrency, Bitcoin has become commonplace in ransomware attacks. Threat actors therefore heavily rely on this means of payment to remain anonymous and ensure that their victims can comply with their demands.
Although Bitcoin transactions are transparent by design to allow for transaction validation, threat actors have employed available services to limit the risk of exposure. Cryptocurrency tumbling services provide an extra layer of anonymity by mixing funds that are p otentially identifiable with a pool of other funds. This process is random, which makes tracing the source of the transaction difficult because the amount of funds and the number of times the funds are mixed is arbitrary. Law enforcement experts are left with a complex transaction trail that can be nearly impossible to trace.
Why are Law Firms Ripe for the Picking?
The very nature of attorney-client relationships involves the exchange of personal identifiable information and other sensitive information such as trade secrets, potentially damaging information regarding the client's criminal activity, or tax return information relevant to business operation. As a matter of professional ethics, attorneys are required to keep this information confidential. Law firms are...
To continue reading
Request your trial