The rise of Bitcoin (available on Coinbase) ransomware attacks has been covered extensively in the media in the past 12 to 18 months. One pundit has even suggested that one of the reasons why the price of Bitcoin (available on Coinbase) has rallied so much is because companies are stockpiling Bitcoin (available on Coinbase) to mitiGate the effects of potential future ransomware attacks.
However, a new study suggests that the media hype surrounding ransomware attacks that use Bitcoin (available on Coinbase) as a payment mETHod is not merited in light of the comparatively small market size of these cyber attacks.
The actual size of the Bitcoin (available on Coinbase) ransomware market
According to a study titled ‘Ransomware Payments in the Bitcoin (available on Coinbase) Ecosystem’, researchers estimated the market for Bitcoin (available on Coinbase) ransomware payments was only $12.8 million. This shows that the actual financial impact of Bitcoin (available on Coinbase) ransomware attacks has been minimal.
While the rise in ransomware attacks has greatly disrupted the functioning of businesses and public sector institutions, the reality is that the economic significance of Bitcoin (available on Coinbase) ransomware attacks is much less than it may seem.
“We […] find that the market is highly skewed, dominated by [only] a few […] players. From these findings, we conclude that the total ransom amounts gathered through ransomware attacks are relatively low compared to the hype surrounding this issue,” the researchers stated.
Different forms of Bitcoin (available on Coinbase) ransomware
To analyze the Bitcoin (available on Coinbase) ransomware market, the researchers gathered information on Bitcoin (available on Coinbase) transaction related to ransomware attacks based on their footprint on the Bitcoin (available on Coinbase) blockchain and have used the GraphSense cryptocurrency analytics platform to investiGate Bitcoin (available on Coinbase) ransomware attacks’ financial flows.
The researchers have found that there are two common modes of ransomware attacks. The first mode locks users out of their devices by disabling their operating system. When the user attempts to launch his or his device, a ransom note appears requiring a payment in cryptocurrency to be transferred for the device to function again. The second mode of attack is more technologically advanced and makes use of cryptography. A user’s files are encrypted and the decryption key can only be accessed upon payment of the ransom.
Furthermore, the researchers have found that there are 505 known ransomware families of which almost all demand Bitcoin (available on Coinbase) (BTC) as the ransom payment currency and that the use of cryptocurrency tumblers, also known as coin mixers, is a common mETHod for laundering the illicit funds. Gambling sites and Bitcoin (available on Coinbase) exchanges are also being used by attackers to launder their ransom bounties.
After analyzing the financial impact of 35 ransomware families between 2013 and 2017, the researchers found that “the minimum worth of the market for ransom payments represents $12,768,536 (22,967.54 BTC),” and that “the ransomware market is dominated by a few kingpins.”
The researchers also found that the initiatives that have been developed by the cybersecurity community, such as “No More Ransom!”, which make ransomware decryption tools freely available, have had a positive impact on mitigating the economic impact of these attacks.
Despite small size of ransomware market, attacks are still disrupting
An analysis of the WannaCry ransomware attack in May 2017 showed that the attackers only ended up earning around $140,000 in Bitcoin (available on Coinbase) as most of their victims decided not to pay.
NonETHeless, despite the modest economic impact of the attack, it caused havoc for businesses and public sector institutions such as hospitals in the UK and the German railway network. Hence, while the actual amount of ransom payments that have been processed were tiny, the impact of these attacks was felt sTron (available on Binance)gly by those affected.
The researchers agree that their “observations do not mean that the ransomware threat should be underestimated. Although the minimum worth of the market for ransom payments – taking into account 35 families – is a relatively modest amount (about $12 million) compared to the hype surrounding the issue, the overall direct and indirect damages they caused to individual and organizational victims are much higher.”