Crypto Ransomware & Tornado Cash Emerge as Standouts in Cybercrime: Chainalysis

This unexpected revival signals a complex challenge for regulatory bodies and highlights the adaptive nature of cybercriminal networks in circumventing sanctions.

The creation of 583 new ransomware variants in the same year points to an escalating threat to both cyber and cryptocurrency security landscapes. Kim Grauer from Chainalysis remarked on the momentousness of this escalation, revealing that “we had hit an all-time high” in ransomware activities.

Total value received by crypto ransomware 2019-2023. Source: Chainalysis

This starkly contrasts with the previous focus on other cybercrimes, such as hacking and money laundering.

Governments Fighting Back

In a robust response to these threats, the US Treasury Department has intensified its crackdown on entities linked to Russian ransomware operations, notably sanctioning individuals associated with the notorious LockBit group. The collective allegedly pilfered assets worth $9 billion from a US broker-dealer.

This move is aimed at dismantling the financial networks underpinning such cybercriminal activities. It involves blacklisting crypto addresses and necessitates the reporting of properties owned by the sanctioned individuals to the US authorities.

These developments have cast a spotlight on the evolving strategies of ransomware perpetrators. Notably, the Ransomware-as-a-Service (RaaS) model has grown alongside reliance on initial access brokers (IABs).

This ‘disturbingly effective’ business model, as described by Andrew Davis of Kivu Consulting, facilitates the proliferation of ransomware attacks. It renders them more accessible and, consequently, more challenging to counter.

“The increase in attack volume can be attributed to the affiliate model’s ease of access and the adoption of ransomware-as-a-service, a disturbingly effective business model for cybercriminals,” Davis stated.

Source