There is still an element of the crypto “Wild West” in 2020, as cryptocurrency stolen through hacks and ransomware attacks is still being cashed out on major exchanges around the world. Ransomware attacks have proved to be a lucrative cash cow for cybercriminals over the past few years, with the United States Federal Bureau of Investigation estimating that over $144 million worth of Bitcoin was stolen between October 2013 and November 2019.
A press conference held by the FBI in February revealed the huge amount paid out in ransom to attackers by victims that were desperate to regain access to their infected systems and data. Interestingly enough, attackers received the majority of ransoms in Bitcoin (BTC). More recently, researchers took a sample of 63 ransomware-related transactions, accounting for around $5.7 million of stolen funds, and found that over $1 million worth of Bitcoin was cashed out on Binance following a string of transactions across various wallet addresses.
There are a number of notorious ransomware variations that are used by different hackers and cybercriminal groups. Cybersecurity firm Kaspersky highlighted the uptick in these types of attacks targeting larger organizations in July, outlining two particular malware threats: VHD and Hakuna MATA.
These particular threats seemingly pale in comparison with the amount of cryptocurrency stolen through the use of bigger malware threats such as the Ryuk ransomware. So, here’s why Ryuk has been a preferred method of attack and what can be done to prevent and discourage attackers from cashing out their ill-gotten gains on major exchange platforms.
These newer vectors of attack mentioned in Kaspersky’s July report have not quite garnered the same reputation as the Ryuk ransomware. Toward the end of 2019, Kaspersky released another report that highlighted the plight of municipalities and cities that have fallen prey to ransomware attacks. Ryuk was identified by the firm as the favored vehicle of attacks on larger organizations, with governmental and municipal systems being prime targets in 2019.
Ryuk first appeared in the second half of 2018 and brought havoc as it spread through computer networks and systems around the world. Named after popular character Ryuk from the manga series Death Note, the malware is a clever take on the “King of Death,” who amuses himself by delivering a “death note” to the human realm that allows the note’s finder to kill anyone by simply knowing their name and appearance.
The malware is typically delivered in a two-phase approach that allows the attackers to examine the network first. This usually begins with a large number of machines receiving emails containing a document that users may unwittingly download. The attachment contains an Emotet Trojan malware bot that activates if the file is downloaded.
The second stage of the attack sees the Emotet bot communicate with its servers to install another piece of malware known as Trickbot. This is the piece of software that allows attackers to carry out a probe of the network.
If the attackers hit a proverbial honey pot — i.e., a network of a big business, governmental or municipal office — the Ryuk ransomware itself will be deployed across different nodes of the network. This is the vector that actually encrypts system files and holds that data for ransom. Ryuk encrypts local files on individual computers and files shared across a network.
Furthermore, Kaspersky explained that Ryuk also has the capability of forcing other computers on the network to switch on if they’re in a sleep mode, which propagates the malware across a larger number of nodes. Files located on computers on a network that are asleep are typically unavailable for access, but if the Ryuk malware is able to wake those PCs up, it will encrypt files on those machines as well.
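The wake-up behaviour described above can be watched for on the network. The following is an added example, not code from Kaspersky or the article: it assumes the mechanism is Wake-on-LAN magic packets (the article does not name it) and flags any host that wakes several distinct machines in a short window. The event tuples, IP addresses, MAC addresses and thresholds are constructed for illustration.

```python
from collections import defaultdict

SYNC = b"\xff" * 6  # a magic packet starts with six 0xFF bytes


def parse_magic_packet(payload: bytes):
    """Return the target MAC if payload holds a Wake-on-LAN magic packet, else None."""
    start = payload.find(SYNC)
    while start != -1:
        mac = payload[start + 6:start + 12]
        body = payload[start + 6:start + 6 + 16 * 6]
        # A valid packet repeats the 6-byte target MAC exactly 16 times.
        if len(mac) == 6 and mac != SYNC and body == mac * 16:
            return ":".join(f"{b:02x}" for b in mac)
        start = payload.find(SYNC, start + 1)
    return None


def find_wake_sweeps(events, min_targets=3, window=60.0):
    """events: (timestamp, src_ip, payload) tuples.

    Returns {src_ip: [MACs]} for sources that woke at least `min_targets`
    distinct machines within `window` seconds. One admin waking one PC is
    normal; one workstation waking many is worth an alert.
    """
    per_src = defaultdict(list)
    for ts, src, payload in events:
        mac = parse_magic_packet(payload)
        if mac:
            per_src[src].append((ts, mac))
    alerts = {}
    for src, hits in per_src.items():
        hits.sort()
        lo = 0
        for hi in range(len(hits)):
            while hits[hi][0] - hits[lo][0] > window:
                lo += 1  # slide the window forward
            macs = {m for _, m in hits[lo:hi + 1]}
            if len(macs) >= min_targets:
                alerts[src] = sorted(macs | set(alerts.get(src, [])))
    return alerts


def _sample_packet(mac_hex: str) -> bytes:
    """Build a constructed magic packet for the sample data below."""
    return SYNC + bytes.fromhex(mac_hex.replace(":", "")) * 16


# Constructed sample capture: one sweeping host, one ordinary wake, one decoy.
SAMPLE_EVENTS = [
    (0.0, "10.0.0.5", _sample_packet("aa:bb:cc:00:00:01")),
    (2.0, "10.0.0.5", _sample_packet("aa:bb:cc:00:00:02")),
    (3.5, "10.0.0.5", b"\x00\x01" + _sample_packet("aa:bb:cc:00:00:03")),
    (10.0, "10.0.0.9", _sample_packet("aa:bb:cc:00:00:01")),
    (11.0, "10.0.0.7", SYNC + b"not a magic packet"),
]

if __name__ == "__main__":
    print(find_wake_sweeps(SAMPLE_EVENTS))
```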
There are two main reasons why hackers look to attack governmental or municipal computer networks: First, many of these systems are protected by insurance, which makes it far more likely that a monetary settlement can be reached. Second, these bigger networks are intrinsically tied together with other large networks, which can lead to a far-reaching, crippling effect. Systems and data powering completely different departments can be affected, which calls for a swift solution, more often than not resulting in a payment to the attackers.
The end goal of these ransomware attacks is pretty simple: to demand a large payment, typically made using cryptocurrencies. Bitcoin has been the favored payment option for attackers. The use of the preeminent cryptocurrency as the preferred payment method has an unintended consequence for attackers though, as the transparency of the Bitcoin blockchain means that these transactions can be tracked at both a micro and a macro level.
That is exactly what researchers have been doing, and by looking at the endpoint of these transactions, analysts can see attackers making use of some of the biggest cryptocurrency exchanges. At the end of August, it was revealed that over $1 million worth of ransomed Bitcoin has been cashed out through Binance.
Binance’s security team revealed to Cointelegraph that these transactions were over 18 months old and that the exchange has been actively monitoring the relevant accounts. The team also highlighted the use of its exchange by attackers as being a byproduct of the sheer volume of cryptocurrency traded on the platform, which gives illicit actors more of a chance to blend into the crowd. The spokesperson added:
“This is further complicated by the fact that Binance has a wide variety of customers operating on its platform, with some customers receiving such funds through simple peer-to-peer trades, and others receiving through corporate services which leverage our platform for liquidity.”
Cointelegraph reached out to Israel-based cybersecurity firm Cymulate to learn what exchanges can do to better prevent cybercriminals from using their platforms to liquidate stolen cryptocurrency. Avihai Ben-Yossef, the company’s co-founder and chief technology officer, contends that companies that provide antivirus protection and endpoint detection and response have a vital role to play in tracking ransomed crypto, given that they know the amounts paid out and the respective wallet addresses receiving the ransomed funds. He added that from there, exchanges can track and trace these payments:
“Analysts can collect wallet numbers and check how much money is in each wallet and then create a sum of all of the found wallets. It’s important to note that there will always be more and that you need to be able to track each one from the Ryuk payloads created.”
There is no doubt that this can be a time-consuming process. Nevertheless, the use of wallet addresses by attackers to receive ransomed funds makes it possible for security teams to keep an eye on the movement of those funds.
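The tracking described above, following ransom payments across intermediate wallets until they reach an exchange, can be sketched as follows. This is an added example, not a tool used by Binance, Cymulate or the researchers cited: it assumes a simplified account-style ledger rather than real Bitcoin transactions, uses proportional ("haircut") tainting when ransom funds mix with other funds, and every address name and amount is constructed.

```python
from collections import defaultdict


def trace_to_exchanges(transfers, ransom_addrs, exchange_addrs):
    """Follow ransom-derived value through a list of transfers.

    transfers: (timestamp, src, dst, amount) tuples, amounts in integer units.
    Returns (arrived, still_held):
      arrived    - ransom-derived amount deposited at each exchange address
      still_held - ransom-derived amount still sitting in each other wallet
    """
    balance = defaultdict(int)   # total value held by each tracked wallet
    tainted = defaultdict(int)   # the part of that value derived from ransoms
    arrived = defaultdict(int)

    for _ts, src, dst, amount in sorted(transfers):
        if balance[src] > 0:
            # Tracked wallet spending: taint leaves in proportion to the
            # tainted share of its balance (haircut method).
            amount = min(amount, balance[src])
            moved = tainted[src] * amount // balance[src]
            balance[src] -= amount
            tainted[src] -= moved
        else:
            moved = 0            # value entering from outside the tracked set
        if dst in ransom_addrs:
            moved = amount       # a payment to a ransom wallet is fully tainted
        if dst in exchange_addrs:
            if moved:
                arrived[dst] += moved   # tracing stops at the exchange
        else:
            balance[dst] += amount
            tainted[dst] += moved

    still_held = {a: t for a, t in tainted.items() if t}
    return dict(arrived), still_held


# Constructed sample ledger (names and amounts are illustrative only).
RANSOM = {"ransom_A", "ransom_B"}
EXCHANGE = {"exch_dep_1", "exch_dep_2"}
SAMPLE_TRANSFERS = [
    (1, "victim_1", "ransom_A", 500),
    (2, "victim_2", "ransom_B", 300),
    (3, "ransom_A", "hop_1", 500),
    (4, "ransom_B", "hop_1", 300),
    (5, "clean_user", "hop_1", 200),    # unrelated funds mixed in
    (6, "hop_1", "exch_dep_1", 500),
    (7, "hop_1", "hop_2", 250),
    (8, "hop_2", "exch_dep_2", 250),
]

if __name__ == "__main__":
    arrived, still_held = trace_to_exchanges(SAMPLE_TRANSFERS, RANSOM, EXCHANGE)
    print("reached exchanges:", arrived)
    print("still in wallets: ", still_held)
```

In the sample, the 800 units paid in ransom split into 600 reaching exchange deposit addresses and 200 still held in an intermediate wallet, which is the balance a monitoring team would keep watching.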
Overall, 2020 has been a profitable year for cybercriminals who have made use of ransomware attacks, which have been constantly evolving. Ben-Yossef cautioned organizations and companies to ensure they have the best cybersecurity to combat the constantly changing cybercrime environment:
“Ransomware attacks in general are becoming more and more sophisticated. They include lateral movement, data exfiltration and many more methods that have serious consequences to companies that won’t pay the ransom. There’s a new successor to RYUK, Conti, which is written a bit differently and most likely developed by other hackers. It’s become critical for organizations to adapt security testing tools such as breach and attack simulation to ensure their security controls are working to their optimal effectiveness against emerging threats.”
Crypto bank app Cashaa raises $5 million from O1ex
Cashaa, a crypto bank and exchange app, today announced that it has raised USD 5 million from Dubai based O1ex, a blockchain investment and advisory firm. Cashaa is a crypto-friendly bank app based in London. Previously, Cashaa had raised USD 33 million during the token sale in 2017.
As a part of its expansion plans, Cashaa is all set to launch its app for India. With this, it hopes to pave the way for a crypto-friendly banking system for the country where services will be regulated under the Reserve Bank of India.
With this, Cashaa plans to tap into the growing crypto user base in India. At Cashaa, cryptocurrencies such as Bitcoin, Cashaa coin, Ethereum, and Tether are part of its banking system like the US Dollar, Euro, Sterling Pound, and possibly Indian Rupee soon. More cryptocurrencies such as Ripple, Litecoin, Bitcoin Cash, and EOS will be added in 2021.
As Cashaa is handling huge amounts of AML and transactional data on cryptocurrencies related to banking transactions, it can enable regulators to understand the industry better and help it develop a positive outlook towards the industry, a feat Cashaa projects to repeat in India as well.
Speaking on the occasion, Kumar Gaurav, CEO & Founder, Cashaa said, “India has tremendous potential in its fintech sector. We believe that the next big evolution in the Banking and Crypto space can actually happen from India. Hence, we have been actively working on developing products, working on our infrastructure, and recruitments to power our entry into the Indian market. Apart from India, we will also tap into the African and Caribbean market.”
Cashaa will also be using part of the funds to patch the July 2020 Bitcoin hack that occurred at its Delhi OTC. Though the attack did not affect Cashaa’s operation directly, the leadership took it upon itself to resolve the issue and ensure the confidence of the users who lost their Bitcoins. The loss stands restored now and all funds are SAFU. During this process, a lot of global investors had approached Cashaa with investment proposals, but Cashaa in the end accepted the one which enabled it to patch its users’ loss and enabled it to target its growth in India. It is also important to highlight that during the July hack, Cashaa responded swiftly to the incident, reported the matter to the competent authority, and was continually working with authorities and those affected. Cashaa has also reiterated that the hack had not impacted Cashaa’s operation, which had remained secured as the attack was on personal systems and was termed as a “one-off case.”
Kumar further added, “Cashaa’s prime objective is to ensure that its users always felt secured and hence we immediately used our expansion fund to cover the loss in India. By doing this Cashaa not only set an example to the crypto industry. By doing so, Cashaa also became the second company that did not pass the loss of a Bitcoin hack to its users. Binance too had introduced SAFU, which they have used in the past to cover the loss due to the hack in which Binance lost 40 Million USD, but none of the users got any haircut. This decision to rescue our users has not only helped us gain interest and confidence from the fund managers and VCs but also has made the industry sit up and take notice about our commitment to keeping users’ interest at the core.”
Cashaa’s growth story
In the recent past, despite multiple regulatory challenges, Cashaa has managed to onboard hundreds of crypto brands, enabling them to run their operations. Also, the company’s onboarding rate last quarter grew to 83.16% for crypto businesses from its initial 17.5% in 2019.
Cashaa is now overseeing massive amounts of transactional data coming from crypto companies that enable it to build an AI for transaction monitoring for AML. This has given the regulators comfort to allow Cashaa to build its own banking system. Also, this data has given us a huge competitive advantage compared to any bank/financial institution which intended to bank the crypto business.
Major crypto exchange Binance joins European blockchain industry group – Reuters India
LONDON (Reuters) – Major cryptocurrency exchange Binance said on Thursday it was joining a European blockchain industry group, a move that comes as policymakers look at how to oversee the emerging digital ledger technology.
In a statement, Binance said it would join Blockchain for Europe, a Brussels-based association whose members include major U.S. blockchain payments firm Ripple. Blockchain for Europe advocates for “balanced policy and regulatory governance” for the distributed ledger technology, Binance said.
The European Union is looking at creating a set of rules for cryptocurrencies such as bitcoin, and related technologies such as blockchain-based digital contracts.
At present, the EU has no specific regulations on cryptocurrencies. Until Facebook unveiled plans for the Libra digital currency last year, digital coins had been seen as a marginal issue in Brussels because only a fraction are converted into euros.
Binance has also recently joined cryptocurrency and fintech associations in Britain and Australia. According to industry site CryptoCompare, it has over the past three months seen the eighth largest trading volume of cryptocurrency exchanges.
Reporting by Tom Wilson; Editing by Mark Potter
Indian exchange CoinDCX cements crypto educational agenda – CryptoClick.io
Despite concerns about possible anti-crypto legislation in the near future, Indian crypto firms are rolling out educational programs and professional training for the exchange CoinDCX announced on Sept. 2 that it will be integrating into an online training and blockchain certifications course run by an organization called Blockchain Council.
Two specialized courses in cryptocurrency training and expertise will be offered through the new partnership. These will extend CoinDCX’s existing educational platform, “DCX Learn” and will offer trainees practice sessions using the exchange’s interface for simulated trading experience.
The new trading and cryptocurrency expertise courses will complement the Blockchain Council’s existing certifications in blockchain technology, Bitcoin, Ethereum and Hyperledger.
In a statement, Blockchain Council’s executive director, Toshendra Sharma, said that the organization’s curricula aim to be “industry-oriented and career focussed.”
Sharma believes that the partnership with a cryptocurrency exchange will ensure that the training on offer is “realistic and up-to-date” with the latest developments in the field.
According to CoinDCX, the highest demand for professionals in the cryptocurrency field is concentrated in Bengaluru, in the southern state of Karnataka.
The educational program extends the exchange’s commitment to heightening awareness and broadening adoption of cryptocurrencies in the country; in March, CoinDCX had allocated $1.3 million to a long-term project dubbed TryCrypto.
The initiative’s goal is to introduce 50 million Indian users to the cryptocurrency and blockchain sector.
In the first half of 2020, the exchange had closed a $3 million Series A round with funding from Bain Capital, as well as securing $2.5 million in strategic investment from Coinbase and Polychain Capital.
This climate of investment and optimism tallies with the Indian Supreme Court repeal of a ban on banks’ dealings with crypto firms this March, which had been in force since July 2018.
While the repeal sparked a boom in exchanges and user interest, the crypto regulatory and legal climate remains uncertain, as authorities reportedly mull alternative frameworks to restrict the trading of digital assets.
Major Cryptocurrencies Make it onto the Vienna Stock Exchange
In what will no doubt be seen as a watershed moment in cryptocurrency trading in years to come, Wiener Börse (AKA the Vienna Stock Exchange) has announced that it will list 21Shares AG’s Bitcoin and Ethereum products, effective immediately. The move will affect the value of cryptocurrency exchange list offerings for these two major digital currencies. Despite recent calls for such a move growing both in number and ferocity, Wiener Börse becomes only the third officially regulated market to list a Bitcoin product for trading, joining those of Switzerland and Germany. Upon announcement of the listing, 21Shares CEO Hany Rashwan said, “We are happy to announce to the world that Bitcoin is now easily accessible everywhere in the entire DACH region”. Mention of this region, which is an acronym used to describe Germany (D), Austria (A), and Switzerland (CH), is significant as it highlights the fact that cryptocurrency is now cemented in the main German-speaking markets.
The rise of cryptocurrencies since their inception is well documented, so to many, this has seemed like an inevitable move, but why now? 21Shares’ website description of their Bitcoin ETP states “It’s time for Plan B. With global uncertainty, negative interest rates, a worldwide pandemic, and unstoppable central bank printing, we think it’s the right to invest in a time-tested and innovative alternative solution already used by millions”. It wouldn’t be far-fetched to also use this ETP description to explain why 21Shares sees now as an optimum time to make this move. The aforementioned global pandemic we are experiencing has led to falling share prices and uncertainty across almost all industries, especially those which rely on customer footfall and in-person labor.
Thomas Rainer, head of business development at the Vienna Stock Exchange, said, “Investors can profit from the stock exchange advantages in crypto trading: Monitored, regulated and transparent trading with real-time information and secure settlement via their regular brokers account.” At the very least, the listing of cryptocurrencies on officially regulated markets will go some way towards taking away some of the natural stigmas that come with trading and tracking investments via other channels.
Rainer added, “With the listings, the Vienna Stock Exchange is expanding its selection of asset classes.” This statement mirrors the feelings of a growing number of investors, who feel now is a great time to shift investments towards purely virtual assets. By listing cryptocurrencies, these DACH region markets are placing themselves at the forefront of what could be a seismic shift in trading, and we can expect others to follow.
Following on from the DACH region’s advocacy of cryptocurrency trading, the Singapore Exchange (SGX) also recently announced it will be listing price indexes for both Bitcoin and Ethereum. Although it will not allow for trading via SGX, this venture, in collaboration with CryptoCompare, a UK-based crypto data firm, will allow users and, more importantly, firms to track the fluctuating prices of crypto assets via a reliable source. Simon Karaban, head of index services for SGX, said, “As the world moves swiftly towards digitization in the creation and accumulation of wealth, digital assets are increasingly being adopted by investors.” The similarity between these statements and those of his Wiener Börse counterpart is telling, so one would imagine we will see full crypto trading available on SG