Organizations in the United Kingdom allegedly suffered a record number of ransomware attacks last year, according to an analysis of a dataset published by the Information Commissioner’s Office (ICO).
In his security incident trends – which are reported to the data protection regulator – The ICO has revealed that criminals have compromised the data of potentially more than 5.3 million people from over 700 organisations.
Ransomware is a form of cybercrime in which bad actors use malicious software to encrypt data on victims’ computers or deny them access to critical systems, and demand the payment of a ransom in exchange for restoring access to the victim.
This form of crime has been around for several decades, and has become particularly lucrative in recent years as criminals have identified ways to launch attacks with increasing effectiveness and efficiency. Unfortunately, the emergence of cryptoassets and blockchain technology has also contributed to this growth.
According to an analysis of ICO data, the number of ransomware attacks in the UK is on the rise. Such breaches reportedly accounted for 20% of all cybercrime incidents in 2020, before rising to 28% the year after and then 34% in 2022.
According to The Record, British Secretary of State for Security Tom Tugendhat said in a statement: “The UK is a prime target for cybercriminals. Their attempts to close hospitals, schools and businesses have put people’s lives at risk and cost taxpayers millions. Unfortunately, we have seen an increase in attacks.”
Worryingly, the actual number of ransomware incidents is actually unknown, as victims are not required to report attacks to UK police. Furthermore, darknet extortion sites yield only a fraction of victims who refuse to pay the ransom.
This has worried UK law enforcement agencies, who fear ransomware victims are keeping incidents secret. In May 2023, the ICO and the National Cyber Security Center (NCSC) published a joint blog post saying they were “increasingly concerned” that affected organizations were hiding such incidents from regulators and law enforcement.
The attacks aren’t just limited to the UK, of course, and the scope and scale of these breaches is growing.
Big targets
Using a technique known as “big game hunting”, ransomware groups are increasingly targeting larger institutions such as hospitals, energy companies and other key infrastructurein an attempt to extract the highest possible ransom.
In this way, ransomware gangs operating from countries like Russia, North Korea and Iran collect hundreds of millions of dollars each year.
Higher-profile ransomware groups that have carried out these larger attacks include the likes of North Korea Lazarus GroupRussian Cyber crime outfit and DarkSide organization.
Crypto connection
As we mentioned earlier, cryptoassets have been a significant contributor to the growth of ransomware. Most ransomware payments are made in Bitcoin, which allows attackers to receive payments from victims into private Bitcoin wallets that are not held by a regulated institution.
However, after receiving payment in Bitcoin from their victims, ransomware attackers generally need to convert their funds at a crypto exchange or other VASP into fiat currencies, such as Russian rubles, euros, or other currencies. And because the Bitcoin blockchain is highly transparent, the flow of funds from these attacks can be observed as ransomware gangs attempt to launder them through the crypto ecosystem.
Of course, agencies such as the US Treasury’s Office of Foreign Assets Control (OFAC) and the UK’s Office of Financial Sanctions Enforcement (OFSI) have been undertaking sanctions against these groups for several years.
As the ransomware threat continues to grow, crypto crime investigators must be aware of the threat posed by ransomware gangs and understand how to track money through the blockchain in order to dismantle and disrupt these groups.
What can be done?
One of the key weapons available to combat ransomware attacks is the ability to track payments via blockchain.
Ransomware attackers can use services such as decentralized exchanges (DEX), which allow them to seamlessly exchange funds, and cross-bridges, which allow the movement of funds across different blockchains, to mask the connection to sanctions for their activity. Many DEXs also do not require Know Your Customer (KYC) information, making it easier for their criminal activities to remain anonymous.
The smartest criminals today have learned how to avoid detection by law enforcement and mainstream blockchain analytics providers. Instead, they use sophisticated money laundering methods to try to hide their activities from law enforcement. Such crime is accelerating faster than expected; Cross-chain and cross-asset services are now being used to launder billions of dollars worth of illicit or high-risk funds.
Multi-chain crime refers to the conversion of crypto-assets from one asset to another in order to conceal their illicit origin. These conversions are often triggered in rapid succession, a tactic known as “asset hopping” or chain hopping, depending on whether the assets are moving within or across the blockchain.
Take the case below, for example, which shows the Lazarus Group swapping stolen Bitcoins from one blockchain to another – only to end up with Bitcoin again – using cross-chain bridges.
In response to this threat, Elliptic released its own Holistically powered blockchain analytics capabilities – an industry first – that enables programmatic and large-scale screening, monitoring, tracking and investigation of activity across multiple blocks and assets simultaneously. This next generation of blockchain analytics capabilities has allowed us to uncover new insights into the true scale of cross-chain crime.
Furthermore, by using forensic crypto monitoring capabilities such as Elliptic Investigatoragents can monitor ransomware gangs’ attempts to engage in money laundering using cross-bridges and other related services.
Using these tools, law enforcement investigators can use Elliptic’s cutting-edge blockchain technology to apprehend criminals and recover victims’ lost funds.
Contact us
For more information, you can Contact us for a demo to learn more about how our solutions can help you conduct successful cross-border money laundering investigations involving ransomware and other crimes.
To learn more about the growing threat of crime in various chains, you can pre-register to receive our upcoming “The State of Inter-Chain Crime” report.
Also, click the button below to download our “2023 Typologies Report”, which examines the latest crypto crime methods and the best tools police can use to fight back.
Download your copy
Compliance with EMEA regulations