An Anatomy of Encrypted Cybercrime

Oligopolies govern everything around us. Our emphasis below.
By bringing together a diverse set of public, proprietary, and manually collected data, including dark web conversations in Russian, we conduct the first detailed anatomy of crypto-enabled cybercrimes and highlight relevant economic issues. Our analyses show that a few organized ransomware gangs dominate the space and have evolved into sophisticated enterprise-like operations with physical offices, franchises, and affiliate programs. Their techniques have also become more aggressive over time, involving multiple levels of extortion and reputation management.
It’s taken from the synopsis of an interesting new paper by Lin William Cong, Campbell Harvey, Daniel Rabetti, and Zong-Yu Wu. This is a fairly comprehensive overview of the criminal ecosystem built on top of the cryptocurrency boom, ranging from hacking and money laundering to scams, ransomware, sextortion and illegal trade.
Obviously, the data on these crimes is pretty murky, but when it comes to organized ransomware, Chainalysis estimates that the biggest gangs – primarily Conti, DarkSide and Phoenix Cryptolocker – extorted at least $180 million from victims in 2021.
Some of them, like Conti and DarkSide, operate as “ransomware-as-a-service”, which means they rent out their expertise to affiliates. The paper notes that these gangs have “even set up physical offices to conduct their ransomware activities, just like regular tech companies”, and includes this excerpt from a negotiation between a victim and a ransomware gang.
— victim: “We thought we had almost 6 days left. Our management is currently reviewing the situation and determining the best solution.”
— attacker: “Until we wait for your response on the situation. We have stopped the DDoS attack on your domain, you can switch to your website. As well as your blog, where hidden. No one will see any information on this subject until we conclude an agreement. We have already agreed on other instruments which were already dealt with today.”
— victim: “Okay, thank you. We want to cooperate with you. We just need a little time in this difficult situation.”
— attacker: “You will get: 1) full decryption of your systems and files 2) full file tree 3) we will delete files we took from you 4) audit of your network”
— victim: “This situation is very difficult for us and we are afraid that we will be attacked again or pay and you will continue to publish our data. What assurances or evidence of file deletion can you give us?”
— attacker: “We have the reputation and the word, we also care about our reputation. After a successful transaction, you will get: 1) full trees of your files 2) after confirming we will delete all information and send you a proof video, we are not interested in giving anyone else your own data. We never work like that.”
Because if you can’t trust the word of a ransomware company that has encrypted your systems, crippled your business and is extorting upper management, then what’s the point, really?
The paper is not written by anti-crypto fanatics: the authors emphasise that they believe cryptocurrencies and decentralized finance “potentially promote financial inclusion, reduce transaction costs, increase security, and provide new capital to start-ups”. (We note that Cam Harvey is the author of a book on DeFi.)
They also argue that attempts to simply ban the whole space will not work and are likely to be harmful.
A one-size-fits-all solution, such as restricting or prohibiting the use of cryptocurrency by individuals or organizations, is problematic for three main reasons. First, this is not a national problem. Blockchains exist in several countries, and the strict regulations of a particular country or jurisdiction have little or no effect outside of that country. As we have seen in other global initiatives (e.g., carbon tax proposals), it is almost impossible to get a global agreement. Second, although a significant problem, cryptocurrency plays a small role in the overall picture of illegal payments. Physical money is truly anonymous and, indeed, this may explain the fact that 80.2% of the value of US currency is in $100 bills. It is rare that consumers use $100 bills and it is equally rare that retailers are prepared to accept them. Third, and most importantly, removing all use of cryptocurrency in a country eliminates all benefits of the new technology. Moreover, it places the country at a potential competitive disadvantage. For example, a crypto ban effectively prevents citizens and businesses from participating in Web3 innovation.
Maybe. But while it’s true that blockchain transparency could enable arduous but effective analysis of crypto cybercrime, reading this report it’s hard not to think that the benefits of that transparency are theoretical, while the costs are real.
For example, Conti was not defeated earlier this year because of sophisticated blockchain analysis and law enforcement know-how, but because it publicly backed Russia’s invasion of Ukraine. This led an angry insider – supposedly a Ukrainian hacker – to leak the group’s full toolkit and internal chat logs. Whoops.