Threat Intelligence Report: Cybercriminal interest in cryptocurrencies
Cryptocurrencies were born with the creation of Bitcoin in 2009, a “peer-to-peer electronic cash system”. Bitcoin was a response to the “too big to fail” banks because it operated outside of a central authority, with no server and no one entity running the show.
Bitcoin is the most used currency on illicit markets and by cybercriminals for various reasons. It seems to be the preferred currency for criminals among the 2500 cryptocurrencies existing (as of May 18, 2020), even though it can be interesting to have a diversified portfolio with different “classes” of cryptocurrencies because of the market capitalization2.
Some ransomware operators have also started to accept other cryptocurrencies than Bitcoin to make it harder for law enforcement to track ransom payments, such as REvil/Sodinokibi that switched to the well-known untraceable cryptocurrency “Monero”. We have also observed “partnerships” between ransomware operators in order to maximize the stolen money.