Perpetrators of ransomware attacks across the world have asked their victims to pay a total of $584.55 million in form of cryptocurrencies as ransom in eight years spanning 2013 to 2020.
The World Economic Forum (WEF) revealed this in its Global Risk Report 2022 released on Tuesday. The insight report is the 17th edition, detailing global digital distress and cyber vulnerability, among other risk factors to watch in 2022.
According to the report analysed by Business Metrics, there has been a sharp rise in malware and ransomware attacks as well as the amount paid by victims into cryptocurrency accounts as ransom.
In 2013, victims of ransomware were directed by perpetrators of the crime to pay $510,000 into crypto accounts. The trend rose sharply by 2014 when attackers raked in $1.11 million ransom via the same channel while it fell to $890,000 in 2015.
As cryptocurrency gained more popularity by 2016, attackers further adopted the channel as a safe haven that could not be easily traced unlike conventional bank accounts, and thus received $17.78 million ransom in the year.
In 2017 and 2018, victims paid $37.68 million $27.3 million cryptocurrencies as ransom respectively.
The trend however gained traction to $92.94 million in 2019 while it skyrocketed beyond expectation to a whopping $406.34 million in 2020.
Digital Everything fueling Cyber Vulnerabilities
According to the WEF, in the context of widespread dependency on increasingly complex digital systems, growing cyber threats are outpacing societies’ ability to effectively prevent and manage them.
For example, the digitalization of physical supply chains creates new vulnerabilities because those supply chains rely on technology providers and other third parties, which are also exposed to similar, potentially contagious, threats.
The report revealed that in December 2021, just one week after discovering a critical security flaw in a widely used software library (Log4j), more than 100 attempts at exploiting the vulnerability were detected every minute, illustrating how free access coding can spread vulnerabilities widely.
Information technology (IT) monitoring and management software also illustrate the potential for contagious exposure, which can break through the defences of critical cybersecurity supply chains, as shown by the Solar Winds Orion attack that occurred in late 2020.
The report reads, “Malicious activity is proliferating, in part because of the growing vulnerabilities—but also because there are few barriers to entry for participants in the ransomware industry and little risk of extradition, prosecution or sanction.
“Malware increased by 358 per cent in 2020, while ransomware increased by 435 per cent, with a four-fold rise in the total cryptocurrency value received by ransomware addresses.”
Non-Technical Criminals also Execute Attacks
As risk possibilities continue to multiply, there is now a new trend of “Ransomware as a service” which allows even non-technical criminals to execute attacks, a trend that might intensify with the advent of artificial intelligence (AI)-powered malware.
In fact, the report noted that profit-seeking groups of cyber mercenaries stand ready to provide access to sophisticated cyber-intrusion tools to facilitate such attacks.
Furthermore, cryptocurrencies have also allowed cybercriminals to collect payments with an only modest risk of detection or monetary clawback.
Attacks themselves are also becoming more aggressive and widespread. Cyberthreat actors using ransomware are leveraging tougher pressure tactics as well as going after more vulnerable targets, impacting public utilities, healthcare systems and data-rich companies.
In the future, the interconnectedness and convergence of these digital tools will continue to increase as society embraces the next version of the internet built upon blockchain technology.
One manifestation of this migration will be the metaverse: a network of 3D virtual spaces, enabled by cryptocurrencies and non-fungible tokens (NFTs) among other technologies, with unprecedented socio-economic interoperability and immersive virtual reality experiences.
Users will be required to navigate security vulnerabilities inherent in both increased dependency on and growing fragmentation in these types of complex technologies often characterized by decentralization and lack of structured guardrails or sophisticated onboarding infrastructure.