As sanctions busting refocuses attention on crypto’s criminal association, privacy coin Monero is becoming the ransomware token of choice.
That’s according to blockchain intelligence firm CipherTrace, which was recently purchased by Mastercard as it pushes deeper into the crypto payments industry.
In a newly released report focused on 2021, the firm said it is seeing “an increasing demand for ransom payment in monero (XMR), with added premiums for payments in bitcoin (BTC) ranging from 10-20%.”
That comes as ransomware is exploding, with attacks up 105% last year, according to the 2022 Cyber Threat Report released in February by cybersecurity company SonicWall.
Privacy coins are a type of payments cryptocurrency focused exclusively on keeping the transacting parties’ identity secret, even at the expense of convenience and ease of use. They have their roots in the reality that bitcoin’s anonymity is more myth than reality, as all bitcoin transactions are recorded on a blockchain that is both publicly searchable and immune to change.
Read more: PYMNTS Crypto Basics Series: Is Bitcoin Really Anonymous and How Can Law Enforcement Track It?
A Growing Threat
While much of the attention focused on Monero and its ilk has centered around last May’s attack that shut down the Colonial Pipeline that delivers almost half of the East Coast’s fuel, as well as its potential use for helping Russians skirt sanctions, there is growing fear that it can be an effective weapon of terrorism or even war.
And indeed, the government has been a prime focus of ransomware, with attacks on public agencies and facilities jumping 1,885% in 2021.
“Ransomware is treated mostly as a criminal problem, but it may also soon be a geopolitical issue,” Jenny Jun, an expert on North Korean sanctions, wrote in Politico last year. “I use game theory to study ransomware, and I’ve also examined how adversaries like North Korea use cyber tools for strategic goals. My research suggests it’s only a matter of time before encryption is used for geopolitical gains.”
And it “will make it easier for smaller, poorer players to extract concessions from more powerful adversaries,” she said.
Those players don’t have to be nations. Terrorists could use the technology to extract concessions, such as freeing prisoners, or simply refuse to decrypt it.
Which is one of the reasons the IMF’s April Global Financial Stability Report called “the use of technologies and platforms that increase the anonymity of transactions, such as mixers, decentralized exchanges, and privacy coins” a threat that must be addressed.
See also: Citing ‘Cryptoization’ as a Sanctions Threat, IMF Calls for Capital Controls
In announcing a bill in the U.S. that would require companies to report paying ransomware, Sen. Deborah Ross (D-North Carolina), said “ransomware attacks are becoming more common every year, threatening our national security, economy, and critical infrastructure … The U.S. cannot continue to fight ransomware attacks with one hand tied behind our back.”
Another new twist is the double-extortion attack, which CipherTrace called “a new and alarming trend in the ongoing evolution of ransomware.” In these attacks, data is not only encrypted, but the hacker threatens to release it if not paid, CipherTrace said.
How Secret?
The leader in the field, Monero doesn’t let users turn privacy on and off like top competitor Dash (DASH) and Zcash (ZEC).
And there’s enough of it sloshing around to obscure of a lot of illicit funds. Not billion-dollar moves by oligarchs under sanctions, the IMF report said, but a lot.
Monero has a $4.8 billion market capitalization, with the last 24 hours seeing $424 million trading volume. Its price is up to $280 at this writing, up from $145 in February.
Among the tools Monero uses to maintain the anonymity of transaction participants are ring signatures, stealth addresses, and ring confidential transactions.
Ring signatures group users’ funds together and does not report which member made the transaction.
Stealth addresses are random, one-time-only addresses created during each transaction, hiding the wallet address of both the ender and receiver.