This Engineering Education program is supported by Section.

Cryptocurrency both as an Enabler and a Solution to Ransomware

November 19, 2021

Ransomware continues to cause harm despite the prevention and mitigation steps suggested by cybersecurity specialists and other players. Newer malware enablers are a significant contributor to this trend, and cryptocurrency is one such enabler of increased malware spread.

Various players in the tech industry have proposed divergent solutions to mitigate malware attacks, including banning cryptocurrency usage. Some believe that the best solution is to take the necessary steps to limit the spread of cryptocurrency-enabled ransomware.

This article discusses the ransomware problem with crypto, cryptocurrency mining malware, and how cryptocurrency solves the ransomware problem.

The ransomware problem with crypto

Cryptocurrency networks allow you to exchange payments across borders without authoritative third parties. Cybercriminals leverage this to receive anonymous payments in virtual currencies such as Ethereum and Bitcoin, which are difficult to track. Attackers have turned crypto into a platform for receiving illegal payments across borders under their own regulation, scrutiny, and rules.

So, it is fair to say that cryptocurrency use is an enabler of ransomware activities. It serves as an income stream for cybercriminals and does not pose significant risks to them. Internet anonymity, together with the fact that cross-border extradition and cooperation are not straightforward, is why cybercrime yields high profit at low risk.

Cryptocurrency transactions do not involve the validation processes, such as know-your-customer (KYC) checks, seen at financial institutions. If an Automated Clearing House (ACH) payment issue or a wire fraud problem arises at a regulated financial institution, the transfer can be revoked or stopped. Cryptocurrency transactions provide no such stoppage or revocation.

That is why attackers prefer to make million-dollar transactions through crypto rather than through wire transfers and international payments in fiat currencies. This is not to suggest that crypto is the cause of increasing ransomware activity; rather, crypto is a significant catalyst for the sudden growth of ransomware activity.

Cryptocurrency mining malware

Cybercriminals do not only use cryptocurrency networks to exchange payments. They also mine cryptocurrencies on their targets' systems using malware. These cybercriminals gain access to victims' computers by distributing malware through infected files, websites, and pirated software. Infected download websites and software contain a crypto mining dropper. The malware is loaded onto your computer unnoticed through a drive-by download when you visit an infected website, and it then mines the selected cryptocurrency on your system for the attackers.

Crypto mining malware uses your computer's resources in a way that you would not notice. Cybercriminals are keen not to be discovered while mining cryptocurrency, so they do not want your device to run at maximum computing power: you can hardly operate a device running at 100% CPU, and you would notice the malicious activity and take countermeasures. That is why cybercriminals usually cap the computing power used by crypto mining malware at about two-thirds.

These attackers also program crypto mining malware to detect the start of resource-hungry applications and throttle the malware's activity accordingly. The malware can also evade antivirus programs. Cybercriminals also use botnets to compromise many computers at once.

This kind of attack, where cybercriminals use your computer's processing power to mine cryptocurrency, is known as cryptojacking. Victims of cryptojacking experience the following negative effects on their devices:

  • Overheating computers.
  • Decrease in device performance.
  • Weakening of system networks.
  • Increased processor usage.
  • System slowdown.
  • Higher than usual battery drain.
  • Unusual CPU fan speeds.
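The throttling described above is exactly what defeats a simple "CPU at 100%" alert. The following added example (not code from the original article) shows the difference between a peak-based rule and a duration-based rule over a constructed set of per-process CPU samples. It assumes a hypothetical monitoring agent that records per-process CPU utilization once a minute; the process names, the miner's two-thirds cap and its back-off while a video editor runs are all constructed to mirror the behaviour the article describes.

```python
"""Flagging throttled crypto-mining load from per-process CPU samples.

Added example, not code from the original article. Assumes a hypothetical
agent that samples per-process CPU utilization once a minute. All sample
data below is constructed.
"""
from collections import defaultdict


def constructed_samples():
    """Constructed 30-minute sample set: (minute, process_name, cpu_percent)."""
    samples = []
    for minute in range(30):
        editor_running = 10 <= minute <= 14
        # Hypothetical miner: ~66% CPU, backs off to 5% while the editor runs.
        miner = 5.0 if editor_running else 66.0
        editor = 95.0 if editor_running else 0.0         # legitimate burst
        compiler = 100.0 if 20 <= minute <= 27 else 0.0  # legitimate burst
        browser = 10.0 + (minute % 3) * 5.0              # 10/15/20%
        samples += [
            (minute, "unknown-updater", miner),
            (minute, "video-editor", editor),
            (minute, "compiler", compiler),
            (minute, "browser", browser),
        ]
    return samples


def peak_cpu_alert(samples, peak_threshold=95.0):
    """Naive rule: alert on any process that ever reaches peak_threshold.
    A miner capped at two-thirds of the CPU never trips this rule."""
    return sorted({proc for _, proc, cpu in samples if cpu >= peak_threshold})


def sustained_cpu_consumers(samples, cpu_threshold=50.0, min_fraction=0.6,
                            min_samples=10, allowlist=frozenset()):
    """Duration-based rule: flag processes that spend at least min_fraction of
    their samples above cpu_threshold. Short legitimate bursts (a compile, a
    render) stay below the fraction; a throttled miner that runs for most of
    the window does not."""
    by_proc = defaultdict(list)
    for _, proc, cpu in samples:
        by_proc[proc].append(cpu)

    flagged = {}
    for proc, cpus in by_proc.items():
        if proc in allowlist or len(cpus) < min_samples:
            continue
        above = sum(1 for c in cpus if c >= cpu_threshold)
        fraction = above / len(cpus)
        if fraction >= min_fraction:
            flagged[proc] = {
                "samples": len(cpus),
                "fraction_above": round(fraction, 2),
                "mean_cpu": round(sum(cpus) / len(cpus), 1),
                "peak_cpu": max(cpus),
            }
    return flagged


if __name__ == "__main__":
    data = constructed_samples()
    print("peak-based alert:", peak_cpu_alert(data))        # misses the miner
    print("sustained-load alert:", sustained_cpu_consumers(data))
```

On the constructed data the peak rule flags only the compiler and the video editor, while the sustained-load rule flags only the miner lookalike, which spends 25 of 30 minutes at 66% CPU. In practice the allowlist and the thresholds would be tuned per host class, and a hit should be correlated with the other symptoms listed above (fan speed, battery drain) rather than treated as proof on its own.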

Cryptocurrency as a solution to ransomware

While cases of cryptocurrency misuse exist, many sectors use the technology for its intended purpose and are recording immense benefits. Cryptocurrency is one of the most widespread ways of transacting in the digital world. It is applicable to many uses, which is why it has been adopted in so many use cases. One of those is building cybersecurity solutions and curbing cybercriminal activity.

Disrupting the ransomware supply chain is a significant step towards tackling ransomware. Cryptocurrency blockchains act as a data source that ties the actors in the ransomware supply chain (launderers, cashout points, infrastructure service providers, affiliates, and developers) together. So, although it may seem illogical at first, ransomware groups using cryptocurrency for ransom payments actually helps investigators track cybercriminals. Since blockchains are transparent, investigators can follow how money has changed hands on the blockchain using blockchain analytics tools. With that information, they can identify suspicious transaction patterns and disrupt the supply chain.

Virtual Asset Service Providers (VASPs), authorities, and providers of cryptoasset and cryptoasset exchange-related services use blockchain analytics tools to monitor transactions and detect patterns related to ransomware attacks. Furthermore, blockchain analytics providers can identify the receivers and senders of cryptocurrency funds by aggregating information from outside the blockchain, known as off-chain data. Off-chain data is generally non-transaction data stored outside the blockchain owing to its size, and it is free from the blockchain's limitations. Analysts rely on both on-chain and off-chain data to analyze transaction history and detect transaction patterns. That is how they identify the blockchain addresses of illicit actors and track illicit funds.

Investigators used this technology to track and arrest Vachon-Desjardins. Blockchain analysis associated Vachon-Desjardins with at least 345 addresses, and the report alleged that he received Bitcoin valued at more than $14 million. By the time of his arrest, this Bitcoin had risen in value to around $27.6 million.

Criminals move laundered cryptocurrency into banks through crypto exchanges, converting it to fiat currency there. This would make the transactions, and the cybercriminals behind them, easy to detect and track, and cybercriminals are aware of this. So, they use non-compliant exchanges and mixers to make tracking difficult. Typically, they mix their bitcoins with those of other users so that they are not easily detected.

Hackers also use other strategies, such as peer-to-peer (P2P) platforms and peel chain patterns, to make detection difficult. A peel chain is a pattern that hackers rely on to obfuscate illicit funds: they transfer ransom funds through multiple Bitcoin wallets to conceal the trail of illegally acquired cryptocurrency. P2P platforms allow hackers to exchange cryptocurrency with other hackers to avoid authorities.

Blockchain analysis allows the tracing of such malicious actions in real time. Authorities monitor suspicious activity identified at crypto and fiat on-ramps and off-ramps.

Off-ramp services allow users to exchange cryptocurrencies for fiat. On-ramp services allow users to exchange fiat currencies (say, US dollars) for cryptocurrencies (such as Ethereum or Bitcoin). The use of blockchain analysis blocks cybercriminals from liquidating illicit gains while deterring future recruitment into such activities.

Blockchain analytics technology has advanced to the point that you can now track transactions between different cryptocurrency exchanges, including transactions between an illicit entity and a cryptocurrency exchange.
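The peel chain and off-ramp tracing described above can be followed mechanically once the transaction graph is available. The added example below (not the article's own code, and not any vendor's analytics tool) does that on a constructed transaction graph: it follows the largest output of each transaction (the "change" that carries the bulk of the funds), records the small amounts peeled off at every hop, and stops when it reaches an address that constructed off-chain data attributes to an exchange. The transaction ids, addresses, amounts (in satoshis) and the exchange attribution are all constructed, and the example assumes the simplification that each address is spent by at most one transaction.

```python
"""Following a peel chain on a constructed transaction graph.

Added example, not code from the original article. Transactions, addresses,
amounts (satoshis) and the exchange attribution are constructed. Assumes
each address is spent by at most one transaction (a simplification of the
UTXO model, where one address may receive and spend many outputs).
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple    # addresses spent by this transaction
    outputs: tuple   # (address, amount_sat) pairs


# Constructed sample graph: a 10 BTC ransom payment peeled three times, then cashed out.
RANSOM_ADDRESS = "ransom-addr-1"
TXS = (
    Tx("tx1", ("ransom-addr-1",), (("peel-1", 50_000_000), ("chg-1", 950_000_000))),
    Tx("tx2", ("chg-1",),         (("peel-2", 40_000_000), ("chg-2", 910_000_000))),
    Tx("tx3", ("chg-2",),         (("peel-3", 60_000_000), ("chg-3", 850_000_000))),
    Tx("tx4", ("chg-3",),         (("exch-hot-1", 850_000_000),)),
    Tx("tx9", ("unrelated-1",),   (("unrelated-2", 100_000_000),)),
)
# Constructed off-chain attribution: addresses known to belong to an exchange (off-ramp).
EXCHANGE_ADDRESSES = {"exch-hot-1": "ExampleExchange"}


def build_spend_index(txs):
    """Map each address to the transaction that spends it."""
    index = {}
    for tx in txs:
        for addr in tx.inputs:
            index[addr] = tx
    return index


def _result(status, terminal, hops, peeled, exchanges):
    return {
        "status": status,              # off-ramp | unspent | loop | hop-limit
        "terminal": terminal,          # address where tracing stopped
        "exchange": exchanges.get(terminal),
        "hops": hops,                  # txids followed, in order
        "peeled": peeled,              # (address, amount_sat) peeled off along the way
        "peeled_total": sum(amount for _, amount in peeled),
    }


def trace_peel_chain(start, txs=TXS, exchanges=EXCHANGE_ADDRESSES, max_hops=100):
    """Follow the largest output at every hop from `start` until the funds land
    on an attributed exchange address, sit unspent, or the hop limit is hit."""
    spend_index = build_spend_index(txs)
    hops, peeled, visited = [], [], set()
    current = start
    for _ in range(max_hops):
        if current in exchanges:
            return _result("off-ramp", current, hops, peeled, exchanges)
        if current in visited:
            return _result("loop", current, hops, peeled, exchanges)
        visited.add(current)
        tx = spend_index.get(current)
        if tx is None:
            return _result("unspent", current, hops, peeled, exchanges)
        # Largest output is treated as the change carrying the bulk of the funds;
        # every smaller output is a peel.
        ranked = sorted(tx.outputs, key=lambda out: out[1], reverse=True)
        peeled.extend(ranked[1:])
        hops.append(tx.txid)
        current = ranked[0][0]
    return _result("hop-limit", current, hops, peeled, exchanges)


if __name__ == "__main__":
    trace = trace_peel_chain(RANSOM_ADDRESS)
    print(trace["status"], "at", trace["terminal"], "via", trace["hops"])
    print("peeled:", trace["peeled"], "total sat:", trace["peeled_total"])
```

Starting from the constructed ransom address, the tracer walks tx1 through tx4, reports that the bulk landed on an address attributed to ExampleExchange, and lists the three peeled outputs (1.5 BTC in total) as further addresses worth monitoring. The "largest output is change" heuristic is exactly that, a heuristic; real analytics tooling combines it with other signals (address reuse, fee and timing patterns, the off-chain attribution the article describes) before treating a hop as part of the same chain.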


The rise of cryptocurrencies provides significant value to the financial services industry. Cryptocurrency transactions are fast, which promotes global business. Yet the increased use of cryptocurrencies has also contributed to the risk of ransomware attacks.

While banning the use of cryptocurrency is one of the proposals for reducing attacks, it may not work. What the crypto industry needs in order to limit the spread of ransomware attacks is technology such as blockchain analysis. Using crypto as an immutable and transparent source of truth will go a long way in disrupting the global ransomware supply chain.

Further reading

Peer Review Contributions by: Collins Ayuya