As cryptocurrencies are largely anonymous, convenient, and global in nature, some of the world's biggest criminal groups have bet big on them as a way to launder money and stay one step ahead of the police, tax, and security forces.
Cryptocurrency has become a favored means for many threat actors to monetize cyberattacks. Perhaps the best-known criminal use of cryptocurrencies such as Bitcoin (BTC), Ethereum (ETH), and Monero (XMR) is the payment of ransomware demands, but cryptocurrency mining, which is more covert, is also a problem.
Cryptocurrency mining malware, when deployed on PCs or unsecured servers, quietly siphons away computing resources to generate virtual currency which is then sent to wallets controlled by its operators.
Monero was chosen as the cryptocurrency of interest, and crypto mining activity for this coin between November 2018 and June 2021 was analyzed against its value.
"Monero is a favorite for illicit mining for a variety of reasons, but two key points are: It's designed to run on standard, non-specialized hardware, making it a prime candidate for installation on unsuspecting systems of users around the world, and it's privacy-focused," the researchers say.
The anonymity built into the digital ledger system known as blockchain, which forms the foundation of Bitcoin and other cybercurrencies, can be leveraged through a variety of maneuvers. A ransom paid in Bitcoin can be swiftly run through a so-called cryptocurrency mixer, which obscures the trail of ownership by pooling it with other people’s holdings. (While the practice itself is not considered illegal, mixer operators can get into trouble if found to have laundered illegally gotten money.) Another option is to convert the ransom payment to a different cryptocurrency via a crypto exchange. So-called money mules can be recruited on dark web forums and directed to withdraw Bitcoins out of certain accounts.
There have always been myriad ways to launder money -- that is, to obscure its roots in illegal activity. In the past, ransomware payments were delivered by money transfers through services like Western Union, by prepaid gift cards, by wiring funds into above-board bank accounts from which the criminals quickly transferred them out, and even as cash in duffle bags left at designated areas for pickup.
The good news is that all Bitcoin transactions, while anonymous, are available for anyone to see, so someone tracking a particular Bitcoin wallet can observe when cash arrives. But accessing the money inside the wallet requires a private key, essentially a password, and that’s something ransomware groups do not normally share with anyone outside their operation.
Regulation may be coming. In April, the Ransomware Task Force, a private-public partnership created by the Institute for Security and Technology, published an 81-page report with recommendations for how governments can protect against and deal with ransomware attacks. The group urged governments to extend Know Your Customer (KYC), Anti-Money Laundering (AML) and Combating Financing of Terrorism (CFT) requirements -- which national and international authorities enforce against banks around the world -- to crypto exchanges, kiosks (crypto’s version of automated teller machines) and over-the-counter trading desks. Calls to ban Bitcoin altogether have been quieted by the currency’s gradual acceptance by the financial industry.