Bitcoin has been synonymous with ransomware for as long as cybercriminals have been encrypting hard drives. Now ransoms are increasingly being demanded in alternative cryptocurrencies such as Monero and other privacy coins. In this article we look at why this shift is happening, how these currencies work and what cyber professionals need to know.
Traditionally the ransomware lock-screens that have heralded a bad day for your IT Team have ended with ₿ for Bitcoin and a number representing a lot of fiat currency. However increasingly attackers have been observed moving towards cryptocurrencies that have “privacy” and “anonymity” as a native function. Hardly surprising really as hiding your ill-gotten gains is a key facet of cyber crime. These types of cryptocurrencies are often collectively referred to as privacy coins. One example is Monero – one of the more established and effective iterations of this idea.
This blog post isn’t going to be about moaning or running down cryptocurrency or privacy coins. Actually, I think that Monero falls just short of being pure genius. Of course, it has caused us as cybersecurity professionals a wealth of issues as it has become increasingly popular with criminals but it in itself is just code. Code can’t be intrinsically good or bad. The way it obfuscates almost every identifiable element of a transaction is impressive though.
Why do I need to know about this?
Typically, when we talk about ransom demands following a ransomware attack or double extortion attack we immediately think about Bitcoin. Bitcoin was for a long time the go to cryptocurrency for cyber criminals. An entire ecosystem built up on the Bitcoin blockchain to try and obfuscate where funds were moving and between whom. It all got very sophisticated. Things started to shift in our favour though with chain analysis tools providing more and more visibility into Bitcoin transactions. Then the big one happened. A ransomware attack took down Colonial Pipeline in the USA. Colonial Pipeline paid the $4.4m ransom to ransomware group DarkSide. Surprisingly, the FBI with the help of Chainalysis, managed to seize $2.3m of that ransom. Huge win for us, huge hit for ransomware groups.
This caused a shift in how major ransomware groups viewed their cryptocurrency operational security.
Dealing with the proceeds of organised crime have always been a pain point for criminals. It is the most likely way they could get caught or at the very least have their ill-gotten gains seized. There are many stories of criminals throughout history battling with ways to launder large amounts of money effectively and quickly. Cryptocurrency, and privacy coins in particular, provide a good way of circumventing the usual challenges here.
In the classic cybersecurity-adversary whack-a-mole, we started to see a significant increase in the groups demanding the ransom be paid in Monero following the FBI’s success against DarkSide. Monero is a very different beast to Bitcoin. They share little in common really. It isn’t new technology, it was launched as an open source project in 2014 but has grown in popularity in the last few years. The PR spin put on it is that it provides “censorship resistant” transactions. That is true but it also affords robust privacy to ransomware groups.
This article is going to briefly outline how Monero works and what this means for your organisation should you need to decide whether or not to pay a ransom in Monero.
What is cryptocurrency?
Let’s start at the very beginning. Monero is a cryptocurrency, a digital currency that uses encryption technologies. The transactions made are verified and added to a public ledger, known as the blockchain, by a decentralised system. The argument is that the ledger of transactions provides everyone with a high degree of assurance in the integrity of those transactions.
I’ve heard of Bitcoin but how is Monero different?
Bitcoin is probably the most well known of the many cryptocurrencies but it actually doesn’t afford people with the most privacy or anonymity.
Cryptocurrencies can either have privacy built in as a native function at protocol level or that privacy can be app based. Bitcoin uses the latter system, whereas Monero employs the former. That makes a big difference to us and to cyber criminals.
What is “privacy” in this context?
Privacy in this context really means hiding the who, what and where elements of a transaction. There are really two main elements that make up cryptocurrency “privacy”.
- Unlinkability – this means I can’t link any payment or amount to your address.
- Untraceability – this means the outputs or transactions get “mixed” up sufficiently that I can’t tell who is sending what to whom or where any of the currency is moving.
True privacy needs both but they can exist without the other.
Monero does both of these making it very difficult to see who is behind a transaction, what the amount is and where it went. Which undoubtedly makes it a great money laundering tool.
Lets look at these two components in turn:
Let’s say you buy yourself some Monero. You get a public address (a bit like a bank account number) but funds you own will never be associated with that public address. Which means, unlike Bitcoin, even if I know what your public address is, I can’t see how much you have in that “account”.
Now you have your Monero you decide you want to send some to me. You know my public address and I know yours. So how does Monero ensure that the transaction you are about to make to me is hidden from the world? It does this in a pretty clever way.
When you send me the funds a randomly generated one-time use only address gets created. This one time address is what gets entered onto the public ledger. So publicly you can’t tell that I received any funds. My public address is hidden from the record if you like. The same is true for your public address as the sender. So other people can see a transaction took place and it is recorded correctly but can’t be linked to you nor I. These one time addresses are known as “stealth addresses”. You and I know the truth behind the transaction but that is it.
So that’s the unlinkability element of the privacy function, but how does Monero ensure that people can’t see when that recipient (in this example, me) spends the funds you sent me? This is where the second privacy element, untraceability, comes in.
Monero solves this through the use of ring signatures. These enable “transaction mixing” to take place. So when you send funds to me a number of other users’ funds are also randomly chosen to appear in the transaction. This obfuscates the source of the funds being sent. Nobody can tell who was the true source of the funds. The number of people that get added to this list can vary. Clearly the more people you add the more robust the obfuscation. You add random people to your transactions and they will be doing the same with you. The net result has two benefits. Firstly, people can’t tell it was you transacting because of all the “noise” you added. Secondly, everyone looks like they are making lots of transactions even if the account is dormant, so accounts that are “high volume” can’t be identified easily.
In addition, the amount in any transaction is also hidden. This is done by applying a mathematical function so only the sender and receiver actually know and can see the real amount being sent.
There is one final piece to the privacy puzzle, what about your location? Monero has this covered too by the use of something called “Kovri”. This basically operates in a similar way to TOR. Encrypting and routing the traffic in such a way that you can’t tell where someone is transacting from.
In summary you can’t link funds or transactions to a particular address, you can’t tell who is behind a transaction or how much that transaction was for and you can’t tell where someone was located when they made the transaction. Pretty genius, pretty concerning.
By its very design, Monero could be useful for activists operating in repressive regimes as well as helping evade the “Know Your Customer”/ “Know Your Transaction” rules, anti-money-laundering legislation or for tax evasion and funding other illicit activities. All these come as part and parcel of the trade off with having native privacy.
It isn’t in dispute that there are benefits to true financial privacy, and Monero pretty much stops people being specifically targeted and robbed because of how it uses stealth addresses. So it undoubtedly has a plethora of benefits over Bitcoin.
Monero also has a few other “warm and fluffy” benefits over Bitcoin too. It is actually much faster than Bitcoin and generally cheaper to transact on. It does use the proof of work mechanism like Bitcoin but in a less resource intensive and thus more environmentally friendly way, if that was really a concern given what I just highlighted above!
Monero and Ransomware
This robust level of anonymity has benefits for lots of different groups and I am sure that it does serve a function when trying to get around censorship, as the PR spin highlights. It’s also not hard to see why unlinkability and untraceability could be desirable functions for ransomware groups though, and that is really where the concern comes in.
Bitcoin is still being demanded in ransomware attacks but increasingly the larger ransomware groups are offering the option of paying in Monero – at a discount over Bitcoin. There is a good business reason for this. If you pay in Bitcoin it will cost them time and money to run the funds through mixing services on the Bitcoin blockchain to try and achieve the same level of obfuscation they can get on Monero upfront. There is also a much greater risk to them having the funds intercepted or having them stolen by another criminal enterprise. A lot of these mixing “apps” on the Bitcoin blockchain are custodial, meaning that the criminals have to actually hand over their Bitcoin to the “account” of another, likely criminal, organisation. These then get mixed with other funds and transferred out. This brings a risk that the funds could be stolen by the mixing service. There is no honour amongst thieves after all. This drives the desire to encourage victim organisations to pay in Monero.
There are some impressive tracing tools being developed to try and furnish us with more visibility on the Monero blockchain especially by companies like Chainalysis. As is always a reoccurring theme in cyber security, they innovate, we innovate, they innovate again. This is a key battle ground though because if the moving of funds became more costly and more high risk for criminals then we may see the tide turn in our favour.
What should you do with this information?
- It is important to know the basics of how Monero works and explain it in simple terms to your board, exco or CMT. That way if the question of whether or not to pay a ransom arises they have all the facts to make a decision. For instance, when I run cyber exercises there can sometimes be a belief that the “Bitcoin we paid can be found and returned so we may get it all back”. Firstly, that’s very unlikely with Bitcoin but almost certainly not going to be possible if you pay in Monero. So this may impact their decision making. If you are being asked for payment in Monero it could also indicate the attackers are a more sophisticated or a larger ransomware group. Paying in Monero, on the flip side, would currently make it very difficult for any outsider to ascertain that you had paid the ransom. I am not advocating for such a deceptive approach at all, transparent comms in a ransomware attack are crucial in my opinion, but it remains a fact nonetheless. Paying in Monero will likely afford you some price negotiation opportunities for the aforementioned benefits it affords your attackers. As ridiculous as that sounds!
- If you do pay a ransom in Monero you will need to work out, ideally before you have your back against the wall, how your organisation would acquire Monero and who would need to approve that. It isn’t as straightforward to acquire as Bitcoin and there have been some serious challenges around its liquidity and availability making it much harder to acquire in any significant amount, such as the amount needed to pay a ransom which is often in the 6 or 7 figure sums.
- Paying in Monero will definitely decrease your ability to conduct due diligence on the attacker. You can’t see what transactions have been going through that address like you can with Bitcoin. So you need to keep that in mind.
So that’s a brief run-through of what privacy coins are and how they relate ransomware payments. It is important, as cybersecurity professionals that we understand at least to a basic level how different technologies work and how that should impact our decision making. The level of understanding of both cryptocurrencies and how they are used by cyber criminals is low in our industry. Hopefully you now have a better understanding of what Monero is, how it works, why criminals are attracted to it and what this could mean for your organisation.