Cybercriminals had a wake-up call after the FBI successfully breached a cryptocurrency wallet held by the Colonial Pipeline hackers by following the money trail on bitcoin’s public blockchain. The FBI bitcoin recovery proved to hackers that Bitcoin is ‘traceable’. Hackers have already started updating their tools to use a privacy-enhanced cryptocurrency called Monero Coin. With Monero coin hackers have a greater degree of privacy-protecting them from a similar fate to the FBI Bitcoin recovery.
Savvy hackers have changed their strategies to demand payments in Monero, a cryptocurrency focused on ‘Privacy and Anonymity’. The privacy token runs on its own blockchain, which hides virtually all transaction details. The identity of the sender and recipient, as well as the transaction amount itself, are hidden. Because of these anonymity features, Monero allows cybercriminals greater freedom and privacy from the public blockchain that bitcoin requires.
Fred Thiel, former chairman of Utimaco, one of the largest cryptography companies in Europe, had this to say about Bitcoin and Monero:
“On the bitcoin blockchain, you can see what wallet address transacted, how many bitcoin, where it came from, where it’s going. With Monero, [the blockchain] obfuscates the wallet address, the amount of the transactions, who the counter-party was, which is pretty much exactly what the bad actors want.”
Monero has become widely used in many Ransomware-As-A-Service (RAAS) tools purchased on the Dark Web. REvil, for example, has been giving discounts to its ransomware victims if they complete their ransom payment in Monero.
Monero’s Potential Setbacks
One issue with Monero is it’s difficult to purchase the cryptocurrency as many vendors don’t list it due to regulatory concerns. The former chairman of Utimaco mentioned that he “would wager the U.S. and other regulators are going to shut them [Monero] down pretty hard. One way they could go about that: telling exchanges that if they list Monero, they risk losing their license.” There currently aren’t many ways the government can intervene with cryptocurrency issues like these, as the industry is currently unregulated and oftentimes the hackers aren’t in US jurisdiction.
CyberHoot General Advice
The implications of this bitcoin recovery are different depending upon who you are. We’ll conclude this Blog with recommendations for different parties.
Recommendations for Cryptocurrency Investors
Before you invest in Monero Coin, you should consider the potential for regulators of cryptocurrency exchanges to shut down the use of Monero coin. Given the extreme privacy of this cryptocurrency, there will be great pressures to shut down or prevent the conversion of Monero Coin to hard currencies like US dollars.
Cryptocurrency Best Practices
It’s a relief the FBI has the ability to recover funds in some cases, but you shouldn’t expect to get your money back as Colonial did. With that said, there are certain things you should be doing in light of these events:
- Don’t put all your crypto coins in hot wallets. When you entrust your savings or your wage payments to a bank, you are doing so with years of regulatory scrutiny and protection to back you up. In the unregulated cryptocurrency world, you are largely on your own if something goes wrong. Don’t keep more than you can afford to lose in a hot wallet.
- Don’t expect to keep a secret such as a Bitcoin password or ATM PIN if you tell it to other people. As Benjamin Franklin is supposed to have said, “Three people can keep a secret if two of them are dead.” Remember: If in doubt, don’t give it out.
Recommendations for Business Owners
There’s really no change in the recommendations for business owners based upon this event. You still do not want to be hit with ransomware regardless of whether it uses Bitcoin or Monero coin. It’s still a bad event that disrupts your business. Take CyberHoot’s recommendations below to protect your business as always.
- Don’t keep all your data online all the time. Ironically, perhaps, one important defense against ransomware in the first place is to maintain an offline backup, ideally one that is also off-site. Keeping your crypto coins, as well as any truly private or critical data, offline – is a similarly useful precaution.
- Alternatively, choose a backup solution with time-based versioning enabled. This allows a business to restore their data from a version prior to the ransomware event occurring.
- Don’t expect to get your money back as Colonial Pipeline did. You need to think of crypto coin recovery as a rare exception, not as a common rule. As explained above, it typically requires a high-profile case, plus strong operational intelligence, plus a bit of plain old luck, for law enforcement to achieve a result like this.
In addition to these cryptocurrency-specific actions, your company needs to take proactive measures to first reduce its chances of being hit by ransomware. CyberHoot recommends the following best practices to avoid, prepare for, and prevent damage from these attacks:
- Adopt two-factor authentication on all critical Internet-accessible services
- Adopt a password manager for better personal/work password hygiene
- Require 14+ character Passwords in your Governance Policies
- Follow a 3-2-1 backup method for all critical and sensitive data
- Train employees to spot and avoid email-based phishing attacks
- Check that employees can spot and avoid phishing emails by testing them
- Document and test Business Continuity Disaster Recovery (BCDR) plans
- Perform a risk assessment every two to three years
Start building your robust, defense-in-depth cybersecurity plan at CyberHoot.