
New blockchain analytics tools are being used effectively to fight against ransomware threats

Changes in how businesses work, the worldwide shift to working from home, and the increasing use of cryptocurrencies are creating new ransomware threats for businesses. But as these threats grow, so does the use of powerful new tools like blockchain analytics to fight this expensive problem.

Organized crime is earning cash

Organized crime is taking advantage of the increasing sophistication of ransomware attacks. Apart from encrypting data to disable businesses, hackers nowadays often steal confidential or critical data and demand ransom for its safe return. If the victim doesn't pay, the data is made public. There is also a new type of malware called 'commodity malware' that appears as low-level malware in business systems but is designed to access the target, gather valuable data, and share it with attackers to launch their extortion attempts.

Also, when cryptocurrencies and ransomware come together, they make a strong tool for organized crime groups. Ransomware is proving to be a highly profitable business for criminals, and the rapid growth of liquidity in cryptocurrency markets is providing more opportunities for lucrative attacks on businesses.

Using blockchain analytics to track money

Blockchain analytics tools are becoming increasingly important for authorities, Virtual Asset Service Providers (VASPs), cryptoasset companies, and exchanges like Coinbase. They help monitor and detect suspicious transaction patterns related to ransom attacks by 'following the money'.

Bitcoin is the most commonly used cryptocurrency in these attacks, but it is also considered the most detectable. This is because it is not completely anonymous, but rather 'pseudo-anonymous'. Every transaction on the public bitcoin blockchain is visible. While these transactions don't show who is sending or receiving money, the bitcoin addresses they use can give hints about who the parties are.

Blockchain analytics providers use off-chain data to identify the senders and receivers of funds. They do this by examining past blockchain data and drawing on what they know about both legitimate and illicit actors and their techniques, which lets them recognise patterns in transactions. With this information, they can find the blockchain addresses of illicit actors and follow where their money goes.

Criminals convert their laundered cryptocurrency into fiat currency and transfer it to banks through crypto exchanges. They might use mixers or exchanges that don't follow the rules to hide what they're doing. Mixers pool a user's bitcoins with other people's to make it harder to tell where the money came from. Alternatively, criminals could use peer-to-peer platforms to swap cryptocurrency with other people to avoid getting caught.

Attackers also use a method called the "peel chain," where they send ransom money through lots of different bitcoin wallets to hide where the illegal cryptocurrency came from.
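
The peel-chain pattern can be followed programmatically. The sketch below is an added example, not code from this article or from any analytics provider; it goes slightly beyond the text by assuming the usual two-output form of a peel chain (a small "peel" paid out and a large remainder forwarded to a fresh address), and its addresses, amounts, labels and function names are constructed for illustration.

```python
# Constructed sample data (not real addresses or transactions). Assumption:
# each address is spent by one transaction that has exactly two outputs.
TXS = [
    {"txid": "t1", "src": "ransom_addr", "outs": [("hop1", 74.0), ("exch_dep_A", 1.0)]},
    {"txid": "t2", "src": "hop1", "outs": [("exch_dep_B", 1.5), ("hop2", 72.5)]},
    {"txid": "t3", "src": "hop2", "outs": [("hop3", 70.5), ("p2p_user", 2.0)]},
    {"txid": "t4", "src": "hop3", "outs": [("mixer_in", 35.0), ("other", 35.5)]},
]
# Constructed off-chain attribution labels of the kind an analytics provider holds.
LABELS = {"exch_dep_A": "exchange", "exch_dep_B": "exchange", "mixer_in": "mixer"}


def follow_peel_chain(seed, txs, labels, peel_ratio=0.2, max_hops=100):
    """Walk from seed along the large output; record each small peeled output."""
    by_src = {t["src"]: t for t in txs}
    path, peels, seen, addr = [seed], [], {seed}, seed
    for _ in range(max_hops):
        tx = by_src.get(addr)
        if tx is None or len(tx["outs"]) != 2:
            break  # unspent, or not the two-output shape
        (peel_addr, peel_amt), (next_addr, next_amt) = sorted(tx["outs"], key=lambda o: o[1])
        if peel_amt > peel_ratio * (peel_amt + next_amt):
            break  # outputs of similar size: the peel pattern has ended
        peels.append({"txid": tx["txid"], "addr": peel_addr, "amount": peel_amt,
                      "label": labels.get(peel_addr, "unlabelled")})
        if next_addr in seen:
            break  # guard against cycles in malformed data
        seen.add(next_addr)
        path.append(next_addr)
        addr = next_addr
    return path, peels


def exposure_by_label(peels):
    """Total peeled amount per destination category."""
    totals = {}
    for p in peels:
        totals[p["label"]] = totals.get(p["label"], 0.0) + p["amount"]
    return totals


if __name__ == "__main__":
    path, peels = follow_peel_chain("ransom_addr", TXS, LABELS)
    print(" -> ".join(path))
    print(exposure_by_label(peels))
```

The walk stops at the fourth transaction because its two outputs are nearly equal, which no longer matches the peel shape; peeled outputs that land on labelled exchange deposit addresses are the points where funds can be reported or frozen.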

Making strides in fighting expensive attacks 

Blockchain analytics tools are becoming a valuable resource in the fight against costly cyberattacks. These tools can assist virtual asset service providers (VASPs) and authorities in checking crypto wallets and transactions for links to illegal activities. They also give scores to show how risky the addresses users are dealing with might be, helping them find, handle, and reduce risks.

By using these tools, businesses can prevent illegal funds from being laundered through their systems or detect such activity and report it to authorities.

Recently, blockchain tools played a significant role in making ransomware attacks less attractive. In the May attack on Colonial Pipeline, US investigators managed to recover millions paid out by identifying the bitcoin wallet that received the payment. Blockchain analytics firm Elliptic observed that the wallet had received bitcoin payments since March, and though most of the payments were moved out, about $2 million remained in the same account, which the FBI seized.

Lots of cybersecurity companies are using blockchain analysis tools to help their clients find "dirty money" linked to ransom attacks. They are taking different approaches to help clients in this context, such as designing anti-money-laundering (AML) and counter-terrorism financing (CTF) models to detect and mitigate risks associated with the entry of illicit funds.

They have integrated blockchain analytics tools into operational monitoring, enabling the detection of potential risk patterns in client behaviour and identifying connections used to receive funds related to ransomware attacks. They also produce reports that trace where illicit funds came from, to see whether they are linked to ransomware attacks or the dark web.

Dealing with the danger of increasing threats today 

Research by Verizon shows that up to 90% of ransomware campaigns target known vulnerabilities to gain initial access, making it vital to address the growing threat. Third-party risk is also becoming more significant, because when there is an attack or a disruption in the supply chain, companies often switch suppliers without enough due diligence. This introduces new risks.

The work-from-home trend has significantly increased the adoption of cloud services that provide instant access to business networks, which has been very convenient for businesses but also for potential attackers. This has led to an increase in ransomware as a service, where cybercriminals encrypt data within the compromised organization and hold it for ransom.

After an attack, it is crucial for businesses to establish how it occurred. Paying a ransom does not necessarily mean the problem is solved, as attackers may return with new extortion demands. Moreover, cryptocurrency exchanges should implement adequate controls to track illegally acquired bitcoins or other crypto assets, and banks and VASPs should heighten defenses to prevent money from ransomware attacks from entering their platforms.

To stop ransomware from spreading through business networks, companies need to make their defenses stronger against all the different ways these attacks can happen in today's changing businesses.

Here are some recommended actions that businesses should take now and in the future to improve their cybersecurity, cyber-risk management, and cyber resilience:

Security measures for today 

- Businesses, exchanges, and banks should use blockchain analytics tools and Anti-Money Laundering (AML) controls that are specifically designed for managing the risks associated with cryptocurrency services.

- Assess the potential impact of system and data loss on your business, and develop a response action plan that you can test.

- Update your security-awareness training and resources for post-COVID working.

- Ensure secure access to IT systems by verifying identities and monitoring EDR capabilities.

- Check your incident-response capability and backups, and hire an ethical hacker to test your response thoroughly.

Security measures for the future 

It's really important for banks to keep working on making their defenses and ways to fight back against risks better all the time, especially as these expensive attacks keep changing and spreading. Clients may receive illegal currency related to ransom attacks, which exposes the banks to risk.

So, it's important to check all technology changes carefully to catch any mistakes, and to review remote work environments for new security weaknesses. Consider, too, how process changes or technology innovations may increase the risk of insider threats. Security should be embedded into all IT delivery processes to address errors and vulnerabilities as early as possible.

Running an exercise based on a scenario that will have the most significant impact on the organization can help identify areas that need improvement. Implementing a program of precise and comprehensive assessments that regularly test defenses and response capabilities against relevant threats and vectors can also help.

It is also necessary to understand what the adoption and expansion of cloud services mean regarding shared security responsibilities.

Dealing with the growing danger of ransomware attacks is essential for businesses to keep running smoothly. Companies need to act fast to strengthen their defenses and their plans for dealing with these attacks, because this expensive and harmful problem isn't going away anytime soon.

