Cryptocurrency Ransomware Payments Rose by 300% Last Year
Ransomware payments made in cryptocurrency surged by over 300% between 2019 and 2020, a recent report by Chainalysis reveals. Attacks have shown no signs of slackening in 2021, prompting the US Department of the Treasury's Office of Foreign Assets Control (OFAC) to take additional measures.
OFAC has issued an updated advisory that highlights the sanctions risks of making ransomware payments and suggests measures to deter future cyber-extortion attacks.
OFAC Updates Ransomware Advisory
Ransomware has evolved into a sophisticated and aggressive form of malware: it encrypts or locks an organization's networks and systems and demands payment before access is restored.
Recent ransomware attacks have shut down public transportation, taken down the largest fuel pipeline in the US, and exposed the personal data of more than 40 million people, to name a few. A look at data from a ransomware tracker reveals that over 20 major attacks take place each month.
To address these rising issues, the OFAC has updated its ransomware advisory. Here are three key updates:
- Discouraging Ransom Payments: OFAC reiterated that it strongly discourages companies from paying ransoms or facilitating such payments. The Treasury body emphasized that paying ransoms encourages future attacks and may also violate US sanctions.
- Prevention: OFAC insisted that companies should revisit their security measures and make sure their practices are up to date.
- Cooperation: Companies are strongly encouraged to report incidents to, and cooperate with, OFAC and other relevant authorities, a list that now includes more government agencies.
The updated advisory notes that meaningful steps taken to reduce the risk of extortion "will be considered a significant mitigating factor in any OFAC enforcement response." The report adds:
“Such steps could include maintaining offline backups of data, developing incident response plans, instituting cybersecurity training, regularly updating antivirus and anti-malware software, and employing authentication protocols, among others.”
Despite these warnings, data from Chainalysis shows that ransomware payments crossed $400 million in 2020, rising by over 300% from 2019. Chainalysis adds that ransomware attackers are not slowing down in 2021.
Bitcoin ATMs Are Loaded With Vulnerabilities
As crypto-ransomware attacks reach new peaks and officials worldwide underscore the need for additional security measures, it turns out that Bitcoin ATMs are riddled with vulnerabilities of their own.
A recent study by Kraken Security Labs reveals that a specific model of Bitcoin ATM, the General Bytes BATMtwo (GBBATM2), has multiple hardware and software vulnerabilities. The report said:
“Multiple attack vectors were found through the default administrative QR code, the Android operating software, the ATM management system and even the hardware case of the machine.”
Firstly, the study revealed that multiple ATMs contain "a hash of a default factory setting administration key," meaning that many GBBATM2 owners have never changed the default admin QR code. Because the same default is shared across units, that single "Administration Key" QR code is effectively a fleet-wide master credential: anyone who obtains it can take over every ATM that still uses the default.
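The following is an added example, not code from the Kraken report or from General Bytes, showing the audit an operator could run over a fleet of ATMs that store only a hash of their admin key. It assumes the stored value is a SHA-256 hex digest and uses constructed unit IDs and key values; the real BATMtwo key format and hash function are not described on this page. Beyond matching a known default, it also flags any hash shared by several units, which is suspicious even when the auditor does not know the factory default, and it rotates affected units to unique random keys.

```python
"""Fleet audit for shared or default administration keys (added example).

Assumptions (not from the original report): each unit stores
sha256(admin_key) as a hex string; unit IDs and keys below are constructed.
"""
import hashlib
import secrets
from collections import defaultdict

# Hypothetical factory default; the real value is not known to this example.
DEFAULT_ADMIN_KEY = "FACTORY-DEFAULT-ADMIN-KEY-EXAMPLE"


def key_hash(key: str) -> str:
    """Hash an admin key the way the (assumed) unit firmware would store it."""
    return hashlib.sha256(key.encode()).hexdigest()


# Constructed fleet: two units still on the default, two sharing a rotated key.
FLEET = {
    "atm-001": key_hash(DEFAULT_ADMIN_KEY),
    "atm-002": key_hash("operator-rotated-key-2"),
    "atm-003": key_hash(DEFAULT_ADMIN_KEY),
    "atm-004": key_hash("shared-key-used-twice"),
    "atm-005": key_hash("shared-key-used-twice"),
}


def audit(fleet, known_defaults):
    """Return (units_on_default, shared_groups).

    units_on_default: unit IDs whose stored hash matches a known default key.
    shared_groups: groups of unit IDs that share one hash. A reused credential
    means one stolen QR code opens every unit in the group, so this is worth
    flagging even when the default itself is unknown.
    """
    default_hashes = {key_hash(k) for k in known_defaults}
    on_default = sorted(u for u, h in fleet.items() if h in default_hashes)

    by_hash = defaultdict(list)
    for unit, h in fleet.items():
        by_hash[h].append(unit)
    shared = sorted(sorted(units) for units in by_hash.values() if len(units) > 1)
    return on_default, shared


def rotate(fleet, unit_ids):
    """Give each listed unit a fresh random key; the unit keeps only the hash.

    The plaintext is returned once so the operator can encode it into a new
    per-unit QR code and then discard it.
    """
    new_keys = {}
    for unit in unit_ids:
        key = secrets.token_urlsafe(32)
        new_keys[unit] = key
        fleet[unit] = key_hash(key)
    return new_keys


if __name__ == "__main__":
    on_default, shared = audit(FLEET, [DEFAULT_ADMIN_KEY])
    print("on factory default:", on_default)
    print("shared credentials:", shared)
    affected = sorted({u for group in shared for u in group} | set(on_default))
    rotate(FLEET, affected)
    print("after rotation:", audit(FLEET, [DEFAULT_ADMIN_KEY]))
```

The shared-hash check is the more useful half in practice: a vendor's default key is rarely published, but a hash that appears on more than one machine is visible to the operator without it.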
Further, the GBBATM2 enclosure is protected by only a single tubular lock and has no local or server-side alarm to alert the operator when the internal components are exposed. It is therefore relatively easy to reach the full interior hardware of the device.
Moreover, the GBBATM2's Android operating system is poorly hardened, making it easy to gain direct access to the full Android UI. The ATMs also do not verify their firmware or software, so modified code would not be detected at boot or install time.
Considering that the crypto ATM market is poised to see "massive growth" in the near future, such issues need to be taken more seriously before they become an open door for attackers.
Do you think crypto regulations would help slow down ransomware attacks? Let us know in the comments below.