Sponsor Content

Ransomware, Cryptocurrency and Cyber Defense


Within just a few years, ransomware attacks have evolved into a sophisticated, highly targeted and profitable enterprise. In this Q&A, Sean Sweeney, senior director for the Field CISO Team at Oracle, discusses cryptocurrency, cyber hygiene and how to defend cloud resources against ransomware threats.

How does cryptocurrency help criminals hold governments hostage to cyber attacks?

Cryptocurrency is a means to an end. Getting rid of cryptocurrency would not get rid of ransomware. The misconception is that cryptocurrency is anonymous and nonreversible. The reality is the blockchain technology underlying cryptocurrency is essentially an open ledger designed to provide visibility into transactions.

Law enforcement can see and track these transactions, and some agencies have even seized ransomware payments that were made via cryptocurrency. That said, specific acts within the financial system that would be illegal in traditional markets have not been regulated in the crypto markets.

Cyber criminals tend to follow the path of least resistance, so agencies and municipal governments need to focus on cyber hygiene and protecting their most valuable assets first. Profitability also encourages ransomware. As long as organizations pay or until they increase their level of cyber hygiene, we’ll continue to see ransomware proliferate.

Bad actors steal compute resources to support cryptocurrency processes. How can governments protect themselves?

Cryptocurrency uses a process called mining to enter new bitcoins into circulation and to confirm transactions. Mining is a critical component of blockchain, and it uses hardware to solve complex computations. This is a concern because bad actors steal compute resources from unsuspecting organizations to spin up large machines and mine for bitcoin.

Organizations need to harden their environments by using enhanced detection and response software, looking for unfamiliar processes and keeping endpoints up to date. In the cloud, spotting bad actors can be difficult because their activity is similar to your developers’ activity — they’re spinning up resources in the cloud. The key is to detect abnormal patterns.

Besides implementing standard security controls, governments should set thresholds at which approvals are required for provisioning certain types of resources.
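One way to implement the approval thresholds and abnormal-pattern detection described in the answer above, as an added example that is not from the interview or from Oracle. The event fields, threshold values, approval IDs and baseline figures are constructed assumptions, not a real cloud audit-log schema.

```python
from collections import defaultdict

# Assumed policy: a launch above any of these sizes needs a recorded approval.
APPROVAL_THRESHOLDS = {"ocpus": 16, "gpus": 0}  # hypothetical limits
BURST_FACTOR = 3  # flag a principal launching more than 3x their daily baseline
MIN_BURST = 5     # ignore bursts smaller than this to keep noise down

# Constructed provisioning events for one day (hypothetical field names).
EVENTS = [
    {"principal": "dev-alice", "ocpus": 4, "gpus": 0, "approval": None},
    {"principal": "dev-alice", "ocpus": 32, "gpus": 0, "approval": "CHG-1001"},
    {"principal": "dev-bob", "ocpus": 64, "gpus": 0, "approval": None},
] + [
    # A CI identity that normally launches one small instance per day
    # suddenly starts six GPU machines: the cryptomining pattern.
    {"principal": "ci-runner", "ocpus": 8, "gpus": 8, "approval": None}
    for _ in range(6)
]

# Typical launches per day for each principal (constructed baseline).
BASELINE = {"dev-alice": 2, "dev-bob": 1, "ci-runner": 1}


def needs_approval(event):
    """Return the resource dimensions on which this launch exceeds policy."""
    return [k for k, limit in APPROVAL_THRESHOLDS.items() if event[k] > limit]


def review(events, baseline):
    """Return sorted, de-duplicated (principal, finding) pairs."""
    findings = set()
    launches = defaultdict(int)
    for e in events:
        launches[e["principal"]] += 1
        over = needs_approval(e)
        # Large resources are fine when approved; unapproved ones are flagged.
        if over and not e["approval"]:
            findings.add((e["principal"], "unapproved:" + ",".join(over)))
    for who, count in launches.items():
        # Unknown principals get a baseline of 0, so any real burst is flagged.
        if count >= MIN_BURST and count > BURST_FACTOR * baseline.get(who, 0):
            findings.add((who, f"burst:{count}"))
    return sorted(findings)


if __name__ == "__main__":
    for principal, finding in review(EVENTS, BASELINE):
        print(principal, finding)
```

The approved 32-OCPU launch passes, while the unapproved 64-OCPU launch and the GPU burst from the CI identity are both reported, even though each looks like ordinary developer provisioning on its own.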

How can government leaders be confident in the cloud services they procure?

Organizations have to stay vigilant. They must work to clearly understand and verify via regular audits the processes that the cloud services provider (CSP) follows to secure their information. Top-tier cloud services providers stay ahead of threats by constantly gathering and analyzing threat intelligence, running threat vulnerability management processes to evaluate and respond to risk, conducting red team exercises and working with other CSPs to share information about the threat landscape.

Agencies also need to ensure they understand the roles and responsibilities within the shared responsibility model of the cloud services they are using. Cloud providers offer tools to help reduce risks on the organization’s side, but agencies need to enable and make use of them. Lastly, they should always push their providers to be as transparent as possible both for the compliance documentation they make available and in their investigations and root cause analyses when there’s an incident.

Oracle offers integrated suites of applications plus secure, autonomous infrastructure in the Oracle Cloud. Learn more about Oracle for state and local government at oracle.com/stateandlocal.