As is the style of Dataroom, a video accompanies a long in-depth article focusing on ransomware attacks that demand ransom in Bitcoin. Both the article and the video highlight the fact that very important companies often fall victim to these breaches, including Campari, Luxottica, Enel and Piaggio.
The mechanism is more or less the following: the cybercriminal acts at night by entering the computer system and paralyzing it. When the computer or device is used, a message appears informing the user that the data has been stolen. If they do not want their data to be disseminated, they have to pay a sum, usually in Bitcoin (or Monero). Often, this threat is accompanied by a countdown that puts a lot of pressure on the unfortunate victim.
Dataroom notes that 1 in 4 companies pay without even reporting, because reporting is tantamount to admitting a vulnerability in their computer systems. For this reason, they opt to buy Bitcoin from a common exchange and deposit it in the wallet of the criminal, who then “launders” the Bitcoin by making the cryptocurrency go round and round, making it untraceable. According to Dataroom, the services used to “clean” Bitcoin are often based in tax havens that do not cooperate with the investigating authorities.
Dataroom also tries to outline a profile of cybercriminal organisations, which very often sign their attacks, have a rating, and keep a real price list that corresponds to what they usually charge to unlock compromised devices. According to Milena Gabanelli, they are often people from Eastern Europe or Asia, some of whom have been identified and tracked down by the FBI.
Dataroom, Bitcoin and Monero
The Corriere della Sera report notes that cybercriminals also often use Monero, the privacy coin par excellence, which is even less traceable.
This ransomware has, however, caused considerable economic damage.
For instance, Campari was asked for 16 million euro, Enel 14 million (for two attacks), and even the municipality of Rieti was asked for 500,000 euro. In Italy alone, these scams grew by 246% in 2020. The most protected European country seems to be Finland, while the most exposed is Belarus.
The Corriere della Sera article notes that these incidents happen because there is an obvious lack of investment in cybersecurity and very often companies only take action after the attack has taken place.
Investigators, on the other hand, can only hope that the report is made in time and that it is still possible to trace cryptocurrencies when paid.
However, the Corriere also writes, quoting Nunzia Ciardi, head of the Postal Police:
“We need legislative tools that are more consistent with the very rapid evolution of transnational cybercrime.”
And the author of the article adds:
“regulations are needed to force cryptocurrency buying and selling platforms to make their activities transparent, as is the case for financial intermediaries”.
Some regulations (such as that of the United States) would like to go in this direction, tightening the rules for exchanges on transfers to and from wallets, with the very aim of identifying and blocking suspicious transactions.