Monero’s crypto of choice as ransomware ‘double extortion’ attacks increase 500%
A new report by blockchain analytics firm CipherTrace highlights the growing role that privacy-focused cryptocurrencies such as Monero are playing in the rising tide of ransomware.
“Current Trends in Ransomware” delves into trends observed during 2021 but was only released this week. The firm revealed there was almost a 500% increase in “double extortion” ransomware attacks from 2020 to 2021. These are cyber attacks in which malicious actors steal a victim’s sensitive data in addition to encrypting it.
The report echoes similar findings from analytics firm Chainalysis, which reported that overall ransomware crypto payments topped $600 million for the period.
The new research found that last year saw increasing demands for ransom payment in Monero (XMR), with attackers adding premiums for payments made in Bitcoin (BTC) ranging from 10 to 20%. At least 22 ransomware strains (from an incomplete list of more than 50) only accept Monero (XMR) payments, and at least seven of them accept both BTC and XMR, it added.
“Higher prices for BTC are most likely seen by the ransomware actors as a premium for dealing with the increased risk in using an easily traceable cryptocurrency like BTC.”
The report cited a Russian-speaking ransomware group called Everest Group, which claimed to have hacked the United States Government in October last year. According to CipherTrace, Everest Ransomware is “currently trying to sell the data for $500,000 in XMR.”
Another example was the Russian DarkSide group responsible for the U.S. Colonial Pipeline attack in May 2021. The ransom could be paid in either XMR or BTC, but the cost was higher for the latter.
The REvil ransomware group also switched from demanding BTC to demanding payments in XMR only in early 2020.
Related: Don’t blame crypto for ransomware
Monero is a privacy-based cryptocurrency that uses a combination of technologies such as mixers, ring signatures and stealth addresses that obfuscate sending and receiving wallets. This is why it has become the primary asset of choice for those demanding ransoms.
For that reason, Monero and other highly privacy-focused cryptocurrencies such as Dash (DASH) and Zcash (ZEC) have been delisted by some exchanges in countries such as the United Kingdom and Japan.
The Monero blockchain will be hard forked in July to further enhance its anonymity and privacy properties.